A top official working on healthcare.gov told lawmakers this week about two major security vulnerabilities, issues not disclosed publicly by the Obama administration as it pushes to convince Americans to sign up for Obamacare.
Teresa Fryer, the chief information security officer for the Centers for Medicare & Medicaid Services, told lawmakers of "two high findings" of risk — one of which was discovered just this week — according to interview transcripts released by the House Oversight Committee.
According to industry standards, a high finding represents a “significant political, financial and legal damage.”
"There were two high findings," Fryer told the lawmakers. " I can't give you in detail what the two high findings were, but they are being remediated."
Fryer also warned senior administration officials against the certification of healthcare.gov's “Authority to Operate” (ATO) but CMS officials pressed ahead despite her objections.
"My recommendation was a denial of an ATO," which was given "to my management," said Fryer.
Fryer's manager at the time was Tony Trenkle, the former chief information officer at CMS. Trenkle has since left the administration for a job in the private sector.
In response to the leaked interview, CMS said the liabilities raised by Fryer have since been corrected.
Administration officials insist there have been no breaches of security at healthcare.gov. White House officials have also accused Oversight Chairman Darrell Issa, R-Calif., of selectively leaking interview transcripts to the media for political gain.
However, the airing of the security vulnerabilities clashes with the White House's insistence that Americans should be fully confident in signing up for Obamacare exchanges online.
"When consumers fill out their online marketplace applications, they can trust that the information they're providing is protected by stringent security standards and that the technology underlying the application process has been tested and is secure," White House press secretary Jay Carney said a month after the website's launch.
Republicans said the latest disclosures deal yet another major blow to Obamacare's credibility.
“It is deeply concerning that, almost three months after healthcare.gov was launched, we are still learning of new and serious security risks with the Obamacare website," Rep. Diane Black, R-Tenn., said.
“The fact is, this program was never ready to be launched, and it is reprehensible that this administration would proceed with implementation when the security of millions of Americans’ personal information is at risk from cyber threats and identity theft,” she added.