House Oversight and Government Reform Committee Chairman Rep. Darrell Issa, R-Calif., has summoned Centers for Medicaid and Medicare Services Administrator Marilyn Tavenner to testify on the security of Healthcare.gov in the aftermath of Thursday’s revelation that hackers had breached one of the website’s test servers.
Issa, a staunch opponent of Healthcare.gov, issued a statement within hours of CMS and the Department of Health and Human Services’ confirmation of the breach. Despite HHS’ claim that the attack — a common form of malware designed to launch a denial of service attack against other websites — did not endanger users’ personally identifiable information, Issa demanded answers on the site’s security.
“Considering this Administration launched healthcare.gov over the objections of CMS, it’s unsurprising that the website has suffered a ‘malicious attack,’” Issa said. “For nearly a year, the Administration has dismissed concerns about the security of healthcare.gov, even as it obstructed Congressional oversight of the issue. The Committee will continue to push for answers from the Administration and Administrator Tavenner must testify on the subject of transparency, accountability, and information security alongside the Government Accountability Office at our September 18th hearing.”
In the aftermath of the hack, Republicans — noted for their dogged resistance to the Affordable Care Act and repeated calls to repeal the law — have been eager to chime in.
“Despite numerous warnings from myself and other lawmakers that security breaches were possible, HealthCare.gov underwent virtually no independent security testing,” said Sen. Orrin Hatch, R-Utah. “It’s yet another deeply disturbing failure of the president’s health law, and once again it is the American people who are bearing the brunt of the law’s failures.”
Similarly, House Energy and Commerce Health Subcommittee Chairman Joe Pitts, R-Pa., called the breach a systemic failure, one that “does not come as a surprise.”
“For months we have been demanding answers and transparency about the status of building and securing the exchange and our requests have been repeatedly met with resistance,” Pitts said. “Does President Obama still object to providing Americans with the peace of mind that they will be alerted if their personally identifiable information is jeopardized? The administration has been reckless in its implementation of the law, relying on a faulty and incomplete website from the get-go.”
Even Delaware Democrat Sen. Tom Carper found the hack “deeply troubling,” making it more than a partisan attempt to rub salt on the wound.
“We need to make sure this website, and all other government systems, are adequately protected and not vulnerable to attacks,” Carper said in a statement. “It is critical that Congress work with the Administration and stakeholders to reform our laws to better combat attacks from malicious actors and comprehensively address our serious cyber challenges to protect our nation, its people, its critical infrastructure, and its economy. We can’t afford more delay on this issue.”
It remains unclear who was behind the breach, but HHS officials said they do not believe it was a targeted attack. Several other private sector and federal websites fell victim to the malware as well. Thankfully, the server did not communicate externally, therefore not spreading the attack. Also, officials say the breached server did not contain any personal information.
For now, HHS said Healthcare.gov will continue to operate as normal, closing in on its open enrollment period, planned to launch in November.