Security documents from a contractor for the troubled Obamacare website show federal officials knew the site was "vulnerable" before its Oct. 1 launch yet downplayed the risks, House Oversight Chairman Darrell Issa charged
In a stern letter to Health and Human Services Secretary Kathleen Sebelius, the California Republican also agreed to meet with the White House "to discuss concerns about both the decision to move forward with the website launch despite known vulnerabilities and ongoing concerns about site security."
Issa has been in a pitched battle with the White House over his probe
of the HealthCare.gov website woes and committee attempts to read contractors' reports on specific security problems.
On Monday, he used social media to blast the White House for the security lapses, tweeting:
For its part, the Obama administrataion has fought tooth and nail
to keep the documents out of Issa's hands — claiming it didn't trust Issa with the sensitive data.
In his letter, Issa said his review of subpoenaed documents from site contractor, MITRE Corp. found both the information and White House response disturbing.
“Of the 28 separate security vulnerabilities identified in the October 11 report, MITRE reported that 19 remained unaddressed," Issa wrote. "Among the unaddressed security risks that went live on October 1, MITRE indicated eleven ‘will significantly impact the confidentiality, integrity and/or availability of the system or data….’ if the technical or procedural vulnerability is exploited."
Issa withheld releasing "sensitive technical details" in the documents, but did write in his letter that one summary stated: "Any malicious user having knowledge of this can perform unauthorized functions," while the summary of another "discusses a system weakness that makes a particular type of sensitive information vulnerable" that "increases the risk that they will be captured by an attacker."
A third lapse involved HHS' responsibility to "to address in the days immediately before launch" sensitive data that was able not only to be seen but edited by an "attacker," Issa wrote.
Issa also railed at the White House's characterizations of his unwillingness to talk with officials about the security problems.
“Indeed, my staff repeatedly has told your staff that it would welcome a page by page discussion of the MITRE documents and any concerns about the public release of any information once the documents were properly and fully produced to the committee," Issa countered.
HHS spokeswoman Joanne Peters categorically denied the agency ignored vulnerabilities before its launch, The Hill reported.
“Each piece of the live Healthcare.gov system that was going into operation October 1st had been tested by an independent security control assessor and testing was completed prior to October 1, 2013 with no high findings,” she said, adding there've been no "successful security attacks" and that "no person or group has maliciously accessed personally identifiable information from the site."
The Hill reported the White House-Issa feud hit a low point
Monday when the White House general counsel and seven Democrats, sidestepping Issa altogether, asked House Speaker John Boehner to make sure the chairman wouldn't leak any data to the press.
© 2014 Newsmax. All rights reserved.