Skip to comments.High security risks found after HealthCare.gov launch(CBS headline)
Posted on 12/20/2013 6:57:30 AM PST by Rennes Templar
A top HealthCare.gov security officer told Congress there have been two, serious high-risk findings since the websites launch, including one on Monday of this week, CBS News has learned.
Teresa Fryer, the chief information security officer for the Centers for Medicare and Medicaid Services (CMS), revealed the findings when she was interviewed Tuesday behind closed doors by House Oversight Committee officials. The security risks were not previously disclosed to members of Congress or the public. Obama administration officials have firmly insisted theres no reason for any concern regarding the websites security.
White House makes last-minute Obamacare rules changes Poll: Many uninsured haven't explored Obamacare options
The Department of Health and Human Services (HHS) responded to questions about the security findings in a statement that said, "in one case, what was initially flagged as a high finding was proven to be false. In the other case, we identified a piece of software code that needed to be fixed and that fix is now in place. Since that time, the feature has been fully mitigated and verified by an independent security assessment, per standard practice."
According to federal standards set by the National Institute of Standards and Technology (NIST), the potential impact of a high finding is the loss of confidentiality, integrity, or availability could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals.
In another security bombshell, Fryer told congressional interviewers that she explicitly recommended denial of the websites Authority to Operate (ATO), but was overruled by her superiors. The website was rolled out amid warnings Fryer said she gave both verbally and in a briefing that disclosed high risks and possible exposure to attacks.
(Excerpt) Read more at cbsnews.com ...
Feds are going after Target for a minor security lapse compared to the Ubamacare website flustercluck.
I’m confused. Are these two ‘risks’ INCLUDED in the 19 vulnerabilities that were known before the system was launched, or is the acknowledged total now standing at 21?
Wouldn't be surprised if someone presents a bill to kill it and it gets by an Obama veto.
Flukey will just have to buy her own contraceptives.
“Fryer testified that “unknown risks” can’t be remediated or mitigated.”
All Sebelius’ statements to the contrary notwithstanding, neither she nor anyone else can assure Congress nor the public at large that the system is secure enough to use, nor that it has not been compromised.
IOW Sebelius LIES!
I’m amazed that CBS hasn’t found an excuse to fire their one honest reporter, Sharyl Attkisson.
If this was a hospital, they’d shut the whole thing down. People are fired for minor HIPPA infractions.
Evreyone is confused!
“Operation Throw Barry and Obamacare Under the Bus to Save Liberalism as an Institution and the Democratic Party” well underway.