Tags: Barack Obama | Healthcare Reform | CMS | Healthcare.gov

Highlighting Healthcare.gov's Failures

Highlighting Healthcare.gov's Failures

Wednesday, 27 January 2016 03:04 PM Current | Bio | Archive

When James Madison argued in favor of a representative republic over a direct democracy in the Federalist Papers, he was most concerned about the emergence of political factions that would marginalize average citizens.

But Madison’s constitutional arrangement presumed that elected representatives who exercise firm control over public policy decisions. Over past few decades, those elected representatives have surrendered policy making decisions to unaccountable, cumbersome, incompetent administrative agencies.

Exhibit A: The U.S. Department of Health and Human Services (HHS).

Just a few days we released over 1,000 pages of new documents that show Obama administration healthcare officials knew that the Obamacare website, when it launched in 2013, did not have the required “authorization to operate” (ATO) from agency information security officials.

These documents, obtained from the U.S. Department of Health and Human Services (HHS), come in two productions of records: a 143-page production and an 886-page production. The email records reveal that HHS officials had significant concerns about the security of the Healthcare.gov site leading up to its Oct. 1, 2013, launch.

Unless Congress steps up to restore Madison’s representative republic, it falls to groups like JW to look out for the public interest against federal leviathan that is dangerously out of control.

We obtained the HHS documents in response to a court order in a Freedom of Information Act (FOIA) lawsuit.

On Sept. 21, 2013, 10 days before the launch of the Obamacare website, Centers for Medicare and Medicaid Services (CMS) Information Security Officer Tom Schankweiler discussed with Deputy Chief Information Officer Henry Chao 17 initial “moderate” security issues findings and two “high” security issues.

Two high findings and 3 moderate findings were resolved, according to the documents.

The emails also show that a separate security analysis found 17 “high” security issues, prompting Chao to ask, “What are we actually signing off on?” Schankweiler responded that the numerous security issues resulted in CMS Security Officer Teresa Fryer’s refusing to approve the ATO, something he indicated he found out belatedly.

The documents also show that on Sept. 30, 2013, the day before the website launch, Blue Canopy, a contractor that was testing the security of the Healthcare.gov system, reported that the “parsing engine did not properly handle specially crafted messages.” The vendor added, “As a result, consumption of these messages would cause the service to crash.”

Over six weeks later, a Nov. 6, 2013, email to colleagues George Linares, the acting chief technology officer of CMS, said that Healthcare.gov “is operating without an ATO [Authorization to Operate].” Further, he added, “Operating without an ATO is a serious issue and it represents a high risk to the agency.”

In a separate Nov. 6, 2013, memo sent a month after the initial website launch, as HHS prepared for a relaunch, CMS security testing contractor Adam Willard warned CGI Federal programmer Balaji Ramamoorthy, “it is possible for anyone to run a brute force [attack] against Healthcare.gov to obtain the results of their eligibility.” (CGI Federal the Canadian-owned IT contractor hired by CMS to oversee most of the Healthcare.gov website development. The Obama administration announced in January 2014 that it was replacing CGI Federal and hiring Accenture at a cost of $90 million. Don’t cry for CGI, as it continues to get billions in federal contracts.)

Perhaps the most telling indications of security officials’ serious misgivings about the security of the Obamacare website, even after its launch, were the HHS roll call manifests providing information about attendance and actions at meetings to discuss whether to proceed with a relaunch of the site.

Schankweiler, the key information security official, did not attend a November 2013 meeting to discuss deployment of a new version of Healthcare.gov and did not send a representative in his place.

As he was not present, Schankweiler, representing “Security”, is listed as the only official not voting (either yes or no) to approve the Healthcare.gov “promotion” or relaunch.

Sure enough a few weeks after this meeting, on Nov. 26, Schankweiler reiterated pressing security issues to CMS official Todd Couts: “I would like to escalate this ticket to high risk on the defect list."

The Obama administration is prosecuting private companies for the same security lapses it knowingly allowed with its own Healthcare.gov.

Will Justice Department prosecutors now investigate the Obamacare website security scandal?

In the meantime, Americans, thanks to JW – not Congress or the Big Media – now have been warned about the high risk of using Healthcare.gov.

We are all in jeopardy in the age of Obama.

Tom Fitton is the president of Judicial Watch. He is a nationally recognized expert on government corruption. A former talk radio and television host and analyst, Tom is well known across the country as a national spokesperson for the conservative cause. He has been quoted in Time, Vanity Fair, The Washington Post, The New York Times, and most every other major newspaper in the country. For more of his reports, Go Here Now.


© 2018 Newsmax. All rights reserved.

1Like our page
The Obama administration is prosecuting private companies for the same security lapses it knowingly allowed with its own Healthcare.gov. Will Justice Department prosecutors investigate the Obamacare website security scandal?
CMS, Healthcare.gov
Wednesday, 27 January 2016 03:04 PM
Newsmax Media, Inc.

Newsmax, Moneynews, Newsmax Health, and Independent. American. are registered trademarks of Newsmax Media, Inc. Newsmax TV, and Newsmax World are trademarks of Newsmax Media, Inc.

America's News Page
© Newsmax Media, Inc.
All Rights Reserved