Healthcare.gov site still a security nightmare and a hacker’s dream

Almost a year after the disastrous launch of Healthcare.gov, the Obamacare web site that cost millions to stand up and, yet, was still a staggering failure, the site remains a barely-functional, vulnerability-ridden mess. And that, ladies and gentlemen, is according to the Obama Administration’s own Government Accountability Office (GAO):

Despite efforts to protect patient information on the HealthCare.gov website, a new government watchdog report scheduled to be released Thursday says security issues are still a concern.

According to the Government Accountability Office report, “weaknesses remained in the security and privacy protections applied to HealthCare.gov and its supporting systems.”

According to the report, the GAO made 6 specific recommendations to HHS to fix security and privacy vulnerabilities and 22 recommendations to fix technical security weaknesses in those security and privacy controls mechanisms that they did actually deploy. HHS, I would like to note, has agreed to 3 of those specific implementation recommendations and all 22 of the technical fixes on what’s actually there. That means that HHS is fully aware that those weaknesses are present in what they’ve deployed and that 3 of the 6 things the GAO wants implemented are things HHS agrees ought to be there. Speaking as a professional in this field, that ain’t a good position to be sitting in and claiming to be running a good program.

The media has allowed the Obama administration to sweep a lot of the Healthcare.gov mess under the rug in the last year so let me remind everyone that the critical back-end systems – the specifically mandated-by-law requirements to check immigration status and income records, and to do so before an individual is allowed to apply subsidies to their insurance plan – aren’t finished and functioning even now. Years into this program and several tens of millions of dollars and they still don’t have a web site that does even remotely close to what was promised and what the law requires.

As a result of those deficiencies, the personal information of millions of citizens has been placed at risk and lots of it has already been compromised by hackers. The systems that were supposed to keep people who don’t qualify for subsidies from getting them in the first place aren’t implemented, meaning that people are likely going to have to repay some of the funding they’re already received. That lack of income checking has placed as many as 360,000 people in danger of losing their subsidies, making that “affordable” insurance plan anything but. Obama’s people take turns sounding tough and claiming that they’ll enforce that repayment if those people identified don’t provide income documentation. On the other hand, there’s talk from some in the Obama Administration that they will simply waive the repayment in order to garner votes, thus putting the taxpayers on the hook for even more and making this law – already completely unable to meet the “pays for itself” criteria so touted when it was being rammed through Congress – even more expensive than thought.

There gets to be a point at which serious people who are really interested in addressing the actual issues of the day must, if they wish to be ethically forthright, question whether the entire concept needs to be re-thought and perhaps a new course charted. I’d like to think there are people in the needed positions who will think that way, but with this current Administration, I know better.

Advertisements