By Peter Roskam
Before its launch on October 1st, the health care law's exchange website repeatedly failed internal tests, crashing with as few as 200 or 300 people on the site. Yet the Obama Administration pushed ahead, launching Healthcare.gov without the most basic end-to-end security tests. At a recent Congressional hearing, Health and Human Services Secretary Kathleen Sebelius was asked whether she would shut down Obamacare's exchange website until all its security risks were addressed. She flatly refused. With the hasty launch of Obamacare, the Obama Administration continues to jeopardize the security of millions of American's personal information thanks to a vulnerable website built for a structurally flawed program.
Just how bad is Healthcare.gov? Security experts warn that there are "considerable safety risks" that "hint at deeper vulnerabilities" due to cutting corners on security testing and ignoring industry standards. Just days before the launch, an internal memo warned of "high" security risks but the head of the agency that created Healthcare.gov signed off on it anyway. Software testers have already found several security breaches where hackers can get access to your email and security questions or rig the site to send password-reset information to a third party. Just last week, a North Carolina man tried to log onto the website and got a South Carolina man's personal information. This isn't just an illustration of an incompetent launch; it's a serious threat to the safety of your personal information.
The website's technical shortcomings are well-documented, but of deeper concern is the rampant potential for security vulnerabilities on the backend of the website, the law's massive "data hub." The hub will collect the information that people submit to Healthcare.gov when they enroll in the exchanges, and allow the staff of seven different sprawling federal agencies to access it. It has already been forced to go dark for days at a time for technical maintenance. This invokes little confidence that the data hub will be able to keep Americans' private data safe, making it a goldmine for hackers looking for people's personal information for identity theft and fraud.
On the personnel side, concerns have been raised about the thousands of Obamacare staffers, known as navigators, who are hired to help Americans sign up for health insurance on the exchanges. These national navigators take a brief 20-hour training course, don't undergo background checks and are then cleared to handle Americans' personal information. During a Congressional hearing, Secretary Sebelius admitted that convicted felons could pass federal requirements to become navigators, allowing them to have access to your Social Security number, date of birth, tax records and much more. State officials around the country are sounding the alarm, saying that there's "no doubt" fraudsters will see this as an open invitation to commit identity theft, creating "a real disaster."
Additionally, the way the Administration is choosing to implement the law makes Obamacare ripe for fraud. In July, the White House announced it would waive the process to check if an individual is eligible for federal subsidies to buy health insurance. This shortcut allows anyone to "self attest" that they qualify to get a government check under the law, clearing the way for billions in fraudulent payments. House Republicans rang alarm bills, pushing legislation that demands that the verification process be in place so taxpayer-funded subsidies don't go out on the honor system alone. Unfortunately, in response, the Administration put in place a relative fig leaf to certify that verification processes are in place on January 1st, but they won't actually determine the effectiveness of the process until July 1st -- six months later -- after many of the subsidies have already gone out. This half-measure fix doesn't solve the problem and doesn't protect your hard earned tax dollars from ending up in the hands of fraudsters.
It's clear the Obama administration is more interested in trying to prop up Obamacare's public image than take the time and effort to keep your personal information secure. Unfortunately, millions of Americans are now required to buy health care coverage from the government, yet the program is riddled with gaping security holes that the Administration is aware of, yet unwilling to fix. Americans deserve a government that is doing everything in its power to keep you safe as it relates to your private information. That's why the House will not stop its aggressive oversight, will strengthen anti-fraud efforts and demand the Administration put key protections in place in the law. When a person's private information is exposed, it can cause a ripple effect that impacts their identity, finances, employment and everyday life.