The White House may have been lucky that so few of the Obamacare exchanges worked last October. Newly revealed documents show that CMS staffers were aware of security flaws which made connecting them to federal databases a “high risk” proposition at the time.
The House Oversight and Government Reform committee provided a cache of emails to the Associated Press which document the fact that “two-thirds of state systems that were supposed to tap into federalcomputers to verify sensitive personal information for coverage wereinitially rated as ‘high risk’ for security problems.” AP reports this continued right up until the deadline:
In one email from Sept. 29, a Sunday two days before the launch, Teresa Fryer, chief informationsecurity officer for the federal Centers for Medicare and Medicaid Services, wrote of the state security approvals, “The front office issigning them whether or not they are a high risk.”
The White House replied to Issa’s questions about security risks at launch by letter last week. They argued they were aware of the problems and that a “corrective action plan” was in place before they were allowed to connect.
It’s worth noting that corrective action plans were probably in place for any malfunctioning system that was in need of repair prior to launch. And yet, many states and the federal government were not able to roll out a working website in October or even November. Some states including Nevada, Oregon, Minnesota, Maryland and California continue to have problems well into 2014. If basic functionality is still an issue, how do we know basic security isn’t also a problem?