• The Heritage Network
    • Resize:
    • A
    • A
    • A
  • Donate
  • Chief Information Security Officer for Obamacare: I Told HHS the Website Wasn’t Safe

    According to news reports, a government security expert at the heart of Healthcare.gov told Members of the House Oversight Committee that she informed HHS that the website was too dangerous to use.

    In the days leading up the Obamacare rollout, Teresa Fryer, the Chief Information Security Officer at the Centers for Medicare and Medicaid Services (CMS), which oversees Healthcare.gov, recommended “a denial of Authority to Operate (ATO)” because she viewed it as “a high risk.” Despite her expertise on security issues and her responsibility for the security of the website, Fryer’s multiple warnings were overruled by her superiors.

    As a result, the website went forward, not only with crippling errors that stopped the website cold, but also with critical security risks. The government defines a “high risk” as that which could have a “severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals.” While a CMS spokesperson has said that the security measures are in place and no successful attacks have occurred, Fryer knows the truth of cybersecurity: You may have been hacked or have a serious vulnerability in your system and not even know about it. These “unknown risks” can’t be fixed or mitigated because no one even knows they exist.

    So not only were there known “high risks,” but the system wasn’t even fully tested to find other potential threats. Indeed, since the website launched, Fryer said that other “moderate” and “low” security risks were found, and others may still be out there.

    Armed with this knowledge of known and unknown threats, Fryer reportedly recommended that the website not go live. Fryer not only told her boss, the now-retired Chief Information Officer of CMS Tony Trenkled, but she also briefed Secretary of Health and Human Services Kathleen Sebelius’s top information officers including Healthcare.gov’s chief project manager, HHS’s chief information security officer, and the HHS Deputy Assistant Secretary for Information Technology. They decided to ignore her warnings, despite the potentially “catastrophic” danger that it posed to Americans’ personal information.

    Perhaps even worse, Secretary Sebelius testified before Congress on Oct 30 and told Congress that “I can tell you that no senior official reporting to me ever advised me that we should delay. We have testing that did not advise a delay. So not—not to my knowledge.”

    This means one of two things: Either Secretary Sebelius did know and lied to Congress, or her staff is incredibly incompetent for not informing her of a risk of this magnitude. With consistent disregard for the rule of law and Americans’ security, privacy, and wallets, it should be clear that Obamacare is wrong for the U.S.

    Posted in Capitol Hill, Front Page, Obamacare [slideshow_deploy]

    Comments are closed.

    Comments are subject to approval and moderation. We remind everyone that The Heritage Foundation promotes a civil society where ideas and debate flourish. Please be respectful of each other and the subjects of any criticism. While we may not always agree on policy, we should all agree that being appropriately informed is everyone's intention visiting this site. Profanity, lewdness, personal attacks, and other forms of incivility will not be tolerated. Please keep your thoughts brief and avoid ALL CAPS. While we respect your first amendment rights, we are obligated to our readers to maintain these standards. Thanks for joining the conversation.

    Big Government Is NOT the Answer

    Your tax dollars are being spent on programs that we really don't need.

    I Agree I Disagree ×

    Get Heritage In Your Inbox — FREE!

    Heritage Foundation e-mails keep you updated on the ongoing policy battles in Washington and around the country.

    ×