Cybersecurity issues surround HealthCare.gov
It's no secret that the initial rollout of HealthCare.gov, the website hosting the insurance exchanges that formed the central component of the Affordable Care Act, did not go as planned. The site crashed repeatedly and few who visited were able to successfully sign up for coverage.
In the time since then, the website was stabilized and now functions essentially as intended. However, technical issues still surround HealthCare.gov, especially in the realm of cybersecurity. Notably, a House Committee recently initiated a probe to investigate potential security problems, while administration officials unveiled a number of upgrades to improve the website's reliability.
To advance the HealthCare.gov security probe, Rep. Lamar Smith, R-Texas and chair of the House Science, Space and Technology Committee, recently issued a subpoena for former U.S. Chief Technology Officer Todd Park to testify in Congress. Park, who now serves as a technology adviser to the White House, will be asked to appear before an upcoming Oversight subcommittee. Park played an important role in salvaging the website following its problematic debut. According to Smith, Park has previously failed to inform the committee with needed information concerning HealthCare.gov's cybersecurity.
Reasons for concern
While there may or may not be political motivations behind the House Committee's subpoena, there are definitive reasons for observers to worry about the cybersecurity of HealthCare.gov. Most notably, an investigation by the Department of Health and Human Services confirmed that part of the website had been hacked in July, although this intrusion was not discovered until September. According to that report, the hacker did not access any consumers' personal data, but he or she did upload malicious software.
While this intrusion was both the first of its kind and relatively minor, it raised concerns about the overall security of the website, HHS officials explained.
Improvements on the way
However, the administration has taken steps to improve the quality of HealthCare.gov's cybersecurity in the days since this breach was identified. White House officials announced that the website received a number of significant cybersecurity upgrades recently, ABC News reported. These improvements were made to prepare for Nov. 15, when the second open enrollment period is set to begin.
Key to the website's cybersecurity upgrades was a new focus on cloud integration, according to Andy Slavitt, who helps oversee HealthCare.gov. He told the news source that HealthCare.gov's cloud hosting facility now meets the government's most stringent security standards.
Additionally, the website is undergoing daily scans and weekly white-hat hacking attempts to better gauge its defenses, according to ABC News.
Obviously, it remains to be seen whether these measures prove sufficient to keep HealthCare.gov safe from hackers and other cybercriminals. However, all of this clearly shows that even highly publicized and important government IT projects can fall victim to cyberattacks, and that renewed, improved efforts are essential for securing these resources. This speaks to the need for government agencies across the board to work with third-party cybersecurity firms to achieve higher standards for their sensitive assets.