Policy: Technology

House GOP targets Obamacare security risks

By |
Politics,Obamacare,Health Care,PennAve,Susan Crabtree,Eric Cantor,CMS,Cybersecurity,House Republicans,Technology,HHS

House Republicans will begin the new year by teeing up another shot at Obamacare -- this time taking aim at the risks the online enrollment process poses to Americans' personal privacy.

House Majority Leader Eric Cantor, R-Va., sent a memo to colleagues Thursday informing them of his plans to schedule a vote when Congress returns next week on a bill that would require the government to notify individuals if their personal information has been compromised on healthcare.gov or in the process of sharing it with other government agencies or insurance companies.

The memo, first reported by The Hill newspaper, leads off with a reference to the breach of consumer's personal financial information at department-store chain Target two weeks ago.

“While the Target breach has received well-deserved attention, another report last week also deserves attention,” Cantor wrote. “Experian, the credit bureau, which also has a division that works on data breaches, released a report that stated, 'The healthcare industry, by far, will be the most susceptible to publicly disclosed and widely scrutinized data breaches in 2014.' ”

The report's author said he based that prediction at least partly on reports of security breaches on healthcare.gov and the websites of health insurance exchanges established in various states, Cantor noted.

While most of the focus over the last few months has been on healthcare.gov's technical problems, Republicans in Congress have pressed the Obama administration on the website's security.

Rep. Mike Rogers, R-Mich., who chairs the House Intelligence Committee and has held several cybersecurity hearings, has repeatedly challenged the administration's assurances that people's private information is secure when they are enrolling in the federal insurance exchanges.

Republicans want the Obama administration to alert consumers if their personal information has been compromised but a federal rule published by the Centers for Medicare and Medicaid Services in August gives the agency the responsibility to determine “whether a risk of harm exists and if individuals need to be notified.”

“If a breach occurs, it shouldn't be up to some bureaucrat to decide when or even whether to inform an individual that their personal information has been accessed,” Cantor wrote.

Several House Republicans, including Reps. Diane Black of Tennessee, Kerry Bentivolio of Michigan and Gus Bilirakis of Florida, have introduced bills aimed at strengthening security requirements surrounding the Obamacare enrollment process that would require the federal government to promptly notify consumers of any breach involving personal information.

The administration has repeatedly downplayed healthcare.gov's security vulnerabilities and assured the public that private information is protected on the website.

Health and Human Services spokeswoman Joanne Peters has said consumers can trust the safety of the information they're providing because it is protected “by stringent security standards and that the technology underlying the application process has been tested and secure.”

“Security testing happens on an ongoing basis using industry best practices,” she said.

But tech experts have disputed those claims, and some professional hackers have found hiccups in the system over the last few months that allowed them to gain access to users' applications and accounts.

Those working to fix the problems with healthcare.gov say they have worked to close any security vulnerabilities that have arisen, but Republicans worry that officials have focused the lion's share of their energy on getting the website operational instead protecting consumers' information.

View article comments Leave a comment