US President Barack Obamaâ€™s new health care web site was initially vulnerable to cyber-attack and risked the personal information of millions of Americans, the cybersecurity chief for the US Health and Human Services Department, Kevin Charest, told Congress.
Under pressure to meet the self-imposed Oct. 1 deadline, HealthCare.gov allegedly didnâ€™t pass rigorous security testing and had technical problems before the launch, the Associated Press reported, citing excerpts of Charestâ€™s testimony to the House Oversight and Government Reform Committee.
“I get paid to be paranoid,” the cybersecurity officer said in a Jan. 8 deposition. “And so I wanted to understand the exact controls in place, what environment, what procedures, what policies. I would say that it didn’t follow best practices.”
Charest offered his security feed-back before the website went live. Teresa Fryer, another government cybersecurity expert, was also scheduled to testify before the panel Thursday. The security officer said she recommended against issuing full certification for the consumer-facing part of the website and wrote her concerns in a Sept. 24 memo, which was never sent.
The panel’s senior Democrat, Rep. Elijah Cummings of Maryland, said the administration addressed the potential vulnerabilities before the web site was launched.