Two months out from its second launch date, Healthcare.gov is still not fully secure and is vulnerable to putting consumers at risk, government officials said Tuesday.
The Government Accountability Office said in a new report that privacy and security weaknesses still exist on the federal exchange website despite some strides made by the Centers for Medicare & Medicaid Services within the last year. The report comes nearly a year after the website’s troubled rollout, and following a recent report that Healthcare.gov was hacked back in July, in which an unknown hacker infiltrated the site.
“While CMS has taken steps to protect the security and privacy of data processed and maintained by the complex set of systems and interconnections that support Healthcare.gov, weaknesses remain both in the processes used for managing information security and privacy as well as the technical implementation of IT security controls,” the GAO report said.
Specifically, GAO said, the CMS has not always “required or enforced strong password controls, adequately restricted access to the Internet, consistently implemented software patches, and properly configured an administrative network.”
“An important reason that all of these weaknesses occurred and some remain is that CMS did not and has not yet ensured a shared understanding of how security was implemented for the FFM among all entities involved in its development," the report said. "Until these weaknesses are fully addressed, increased and unnecessary risks remain of unauthorized access, disclosure, or modification of the information collected and maintained by Healthcare.gov and related systems, and the disruption of service provided by the systems.”
In addition to detailing the site’s faults, in its 78-page report, GAO also detailed six recommendations for HHS, which include analyzing and documented all privacy risks, establishing detailed security roles for site contractors and performing a comprehensive security of all HealthCare.gov systems.
Top Republican leaders were quick to criticize the administration after the release of the report, with GOP committee leaders in the House and Senate slamming the troubled site's problems in a letter to CMS Administrator Marilyn Tavenner Wednesday.
"These continuing security issues surrounding HealthCare.gov are cause for concern not just by Congress, but for all Americans who have a right to expect that the government will protect their information," the lawmakers wrote.
Obamacare's second enrollment period begins Nov. 15.
Complete your profile to continue reading and get FREE access to BenefitsPRO, part of your ALM digital membership.
Your access to unlimited BenefitsPRO content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking benefits news and analysis, on-site and via our newsletters and custom alerts
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical converage of the property casualty insurance and financial advisory markets on our other ALM sites, PropertyCasualty360 and ThinkAdvisor
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
