Free Republic

Memo Warned of "Limitless" Security Risks for HealthCare.gov ("Catastrophic"?)
CBS News ^ | Monday, November 11, 2103 | Sharyl Attkisson

Posted on 11/11/2013 5:23:15 PM PST by kristinn

CBS News has learned that the project manager in charge of building the federal health care website was apparently kept in the dark about serious failures in the website's security. Those failures could lead to identity theft among those buying insurance. The project manager testified to congressional investigators behind closed doors, but CBS News has obtained the first look at a partial transcript of his testimony.

Henry Chao, HealthCare.gov's chief project manager at the Centers for Medicare and Medicaid Services (CMS), gave nine hours of closed-door testimony to the House Oversight Committee in advance of this week's hearing. In excerpts CBS News has obtained, Chao was asked about a memo that outlined important security risks discovered in the insurance system.

Chao said he was unaware of a Sept. 3 government memo written by another senior official at CMS. It found two high-risk issues, which are redacted for security reasons. The memo said "the threat and risk potential (to the system) is limitless." The memo shows CMS gave deadlines of mid-2014 and early 2015 to address them.

But Chao testified he'd been told the opposite.

"What I recall is what the team told me, is that there were no high findings," he said.

Chao testified security gaps could lead to identity theft, unauthorized access and misrouted data.

According to federal guidelines, high risk means "the vulnerability could be expected to have a severe or catastrophic adverse effect on organizational operations ... assets or individuals."

(Excerpt) Read more at cbsnews.com ...


TOPICS: Crime/Corruption; Front Page News; Government; News/Current Events
KEYWORDS: irsobamacare; irssecurity; obamacare; obamacarelies; obamacaresecurity; obamacarewebsite
Video of report at the source link.
1 posted on 11/11/2013 5:23:15 PM PST by kristinn

To: kristinn

What difference, at this point, does it make?


2 posted on 11/11/2013 5:24:21 PM PST by Antihero101607

To: kristinn
Memo Warned of "Limitless" Security Risks for HealthCare.gov

i remember that thread even though it was years ago...

3 posted on 11/11/2013 5:25:16 PM PST by bigheadfred

To: kristinn

I’m a project manager. This is blatant BS. There is NO WAY this was not known unless the PM was asleep at the wheel or off doing crack with the mayor of toronto.


4 posted on 11/11/2013 5:28:31 PM PST by onona (The Earth is the insane asylum for the universe (yup, I belong))

To: Antihero101607
What difference, at this point, does it make?<<

Good point!...We've spent 600 million on a site that could have been done for a couple of million at most by free enterprise...Why stop now??...I don't care if it takes us gazillions.....This is America.....we can do it!!!.....YES WE CAN!....../s

5 posted on 11/11/2013 5:33:09 PM PST by M-cubed

To: kristinn
Note to CMS...Check your return codes!!!!!
6 posted on 11/11/2013 5:33:13 PM PST by ImJustAnotherOkie (zerogottago)

To: M-cubed

Forward Comrades!!!


7 posted on 11/11/2013 5:35:28 PM PST by Antihero101607

To: onona

He would have had a copy of the security assessment.

I did the security assessment for a state exchange to the IRS. The PM most certainly received my report. I most certainly went through each of the findings with them.


8 posted on 11/11/2013 5:46:30 PM PST by driftdiver (I could eat it raw, but why do that when I have a fire.)

To: kristinn
The author of the security memo, Tony Trenkle, retired from CMS last week; no reason was given.

How convenient.

The person who authored the memo that Chao "never saw" is now out of the picture.

No doubt Jarrett told him to go into hiding.

9 posted on 11/11/2013 5:55:18 PM PST by what's up

To: kristinn
I fully agree with your assessment. This bit:

Chao said he was unaware of a Sept. 3 government memo written by another senior official at CMS. It found two high-risk issues

No. Absolutely not. Total BS. There is a risk manager. He knows all the risks. He reports the risks up the chain of command. For risks to -- instead -- be compartmentalized and kept hidden from the PM ... that's either a lie or an inconceivable level of managerial incompetence.

10 posted on 11/11/2013 5:57:47 PM PST by ClearCase_guy (21st century. I'm not a fan.)

To: onona; kristinn
"I didn't do it. Nobody saw me. You can't prove a thing."

Bart Simpson

11 posted on 11/11/2013 5:58:33 PM PST by Hardastarboard (You can keep your doctor - if you lock him in your basement.)

To: ClearCase_guy

I’ll take “inconceivable level of managerial incompetence” for $100 if you please Alex.


12 posted on 11/11/2013 6:02:13 PM PST by spokeshave (Obamacare is planned, just like the planned famine by the Russians to eliminate the Ukrainians.)


Stop Obamacare before it stops you.
Support Free Republic.

13 posted on 11/11/2013 6:08:52 PM PST by RedMDer (Happy with this, America? Make your voices heard. 2014 is just around the corner. ~ Sarah Palin)

To: kristinn

According to federal guidelines, high risk means “the vulnerability could be expected to have a severe or catastrophic adverse effect on organizational operations ... assets or individuals.”

So this is what is meant by a catastrophic insurance policy. A policy devised by Leftists.


14 posted on 11/11/2013 6:16:15 PM PST by grumpygresh (Democrats delenda est. New US economy: Fascism on top, Socialism on the bottom.)

To: grumpygresh

How to fix it? Implant a chip in your hand or your forehead. Of course it will contain that well known number 666.


15 posted on 11/11/2013 6:24:58 PM PST by Liberty Wins ( The average lefty is synapse challenged)

Comment #16 Removed by Moderator

To: spokeshave
I want to place a bet on that, too!

Better odds than Powerball for sure!

17 posted on 11/11/2013 6:27:50 PM PST by sarasmom (Extortion 17. A large number of Navy SEALs died on that mission. Ask why.)

To: kristinn

Given the fact that the federal government requires organizations handling financial information to conform to SOX (Sarbanes Oxley) audits, and organizations handling health care information to conform to HIPAA audits, it sounds like the system developed (NOT JUST THE WEB SITE!!!) doesn’t conform to either.

In addition to that, any self respecting financial company, especially one that uses credit cards, is supposed to meet PCI security specifications ( https://www.pcisecuritystandards.org/security_standards/index.php )

What are the chances that any of these security standards have been met?

Mark


18 posted on 11/11/2013 7:16:49 PM PST by MarkL (Do I really look like a guy with a plan?)

To: kristinn

Either one of two things happened:

1. Henry Chao lied to Congress when he testified behind closed doors last week for 9+ hours. He stated that he never saw the memo and he had been told that there were no significant problems with the web site.

Or:

2. Chao was never shown the Trenkle memo [but his superiors were] and they realized that [if he was shown the memo], he would never sign off on the Oct. 1st release.

It's either one or the other ...


19 posted on 11/11/2013 8:15:46 PM PST by Lmo56 (If ya wanna run with the big dawgs - ya gotta learn to piss in the tall grass ...)

To: kristinn

Isn’t it sad that this is getting exponentially more play than Fast & Furious and the IRS.


20 posted on 11/11/2013 9:49:28 PM PST by Eagles6 (Valley Forge Redux)

To: kristinn

Look, this is what I do for a living.

I am here to tell you something, Kristin.

I, personally, armed with a small team of equally skilled developers — maybe 3 to 5 — could have written the entire Obamacare website, tested, and secure, within three years.

NO way this thing should have cost what it did.

NO excuse for its failure.

This was not a web project, this was the laundering of millions of dollars to the Democrats.

Period.


21 posted on 11/12/2013 3:44:36 AM PST by Lazamataz (Early 2009 to 7/21/2013 - RIP my little girl Cathy. You were the best cat ever. You will be missed.)

To: Lazamataz

Laz, once again, you broke the code.

This is the laundering of money to fellow travelers by the Dems.

Using our own tax money and funneling it to their cronies and fellow Communists has been raised to an art form by this Administration.


22 posted on 11/12/2013 4:01:25 AM PST by exit82 ("The Taliban is on the inside of the building" E. Nordstrom 10-10-12)

To: kristinn

Why not call the moron that wrote the memo and ask him who he addressed it to.


23 posted on 11/12/2013 5:27:17 AM PST by dearolddad (/i>)

To: kristinn
"There is nothing to worry about. Everything is perfectly safe."


24 posted on 11/12/2013 8:48:35 AM PST by Paine in the Neck (Is John's moustache long enough YET?)

To: onona

I’m a project manager. This is blatant BS. There is NO WAY this was not known unless the PM was asleep at the wheel or off doing crack with the mayor of toronto.

I am an ITSEC PM and I agree. Also having dealt with mitigating “high findings” as a result of Gubment audits, I can tell you very few of these audits come out clean as a whistle. That said, I would like the Issues & Risk registers gone over with a fine-toothed comb, not just those dealing with security but mainly performance and testing.


25 posted on 11/12/2013 9:05:59 AM PST by john316 (JOSHUA 24:15 ...choose you this day whom ye will serve...)

To: Eagles6
Isn’t it sad that this is getting exponentially more play than Fast & Furious and the IRS.

Yes it is sad. And the only reason is because nobamacare affects virtually all Americans. It's hard to ignore.

F&F and the IRS abuse will be walks in the park compared to this kludge.

26 posted on 11/12/2013 11:49:21 AM PST by upchuck (I've got maternity care via Obamacare! Now, if I could just figure out how a male gets pregnant...)

To: upchuck
I know that obamacare is devastating but the IRS "phony" scandal crushed the 1st Amendment and the result was a stolen election.

Fast & Furious was an act of war against a neighboring country that has resulted in the murders of hundreds including 2 US law enforcement officers.

27 posted on 11/12/2013 5:41:16 PM PST by Eagles6 (Valley Forge Redux)

To: ClearCase_guy
that's either a lie or an inconceivable level of managerial incompetence.

Oh, I think it's both a lie and this bunch has an inconceivable level of managerial incompetence. We've known the latter ever since those stories came out in 2008 about the Obama campaign: The campaign was effective but the campaign plane cabin was, uh, fragrant. And since then, anytime anything goes wrong, no one at the upper levels seems to know anything, even under oath.

28 posted on 11/12/2013 9:35:09 PM PST by Paul R. (We are in a break in an Ice Age. A brief break at that...)

To: Antihero101607; kristinn

I actually think that at this point, it does make a difference. Who’s going to sign up if there’s a strong possibility of identity theft? If no one signs up, this thing crashes.

I know some (like Rush) say that’s the intent (so as to get to a totally gov’t run health care system). But I’m not so sure that’s how things turn out if the gov’t itself has put tens of millions of citizens at risk of identity theft.


29 posted on 11/12/2013 9:43:09 PM PST by Paul R. (We are in a break in an Ice Age. A brief break at that...)

To: kristinn

these nazis always have somebody else to blame don’t they.....


30 posted on 11/12/2013 10:57:03 PM PST by cherry (.in the time of universal deceit, telling the truth is revolutionary.....)

To: MarkL
let's not pretend.....

all this is intentional.

..we’ll have all these takers on the Medicaid rolls and no money to pay for the drs and hospitals to treat them

and then an ensuing financial crisis after crisis until finally the federales slip in and SAVE US ALL by instituting universal single payer health care ....

31 posted on 11/12/2013 11:05:11 PM PST by cherry (.in the time of universal deceit, telling the truth is revolutionary.....)

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.
