CMS Security Memo Warned 'The Threat and Risk Potential is Limitless'

CBS’ Sharyl Attkisson reports that a September security memo by a CMS employee warned of “limitless” risk potential with the new site.

Henry Chao was the project manager at CMS working on Obamacare’s federal exchange. During a nine hour interview held behind closed doors with congressional investigators, Chao was asked about a September 3rd security memo which warned “the threat and risk potential is limitless.”

The memo was written by another CMS employee. During his testimony
Chao claimed he was unaware of it and said he recalled being told there were no high risk issues with the site.

Asked to define the meaning of a high risk security issue Chao told investigators “the vulnerability could be expected to have a severe or catastrophic
adverse affect on organizational operations … assets or individuals.”

The memo identified two specific security issues which were considered high risk, neither of which could be addressed prior to the Oct. 1, 2013 launch date. One of the issues had a deadline of 2015.

So far there has been one instance where private information entered into the exchange was delivered to the wrong person. CMS claimed this was the result of a glitch which was fixed a few days later with a software patch.