Two months out from its second launch date, Healthcare.gov isstill not fully secure and is vulnerable to putting consumers atrisk, government officials said Tuesday.

|

The Government Accountability Office said in a new reportthat privacy and security weaknesses still exist on the federalexchange website despite some strides made by the Centers forMedicare & Medicaid Services within the last year. The reportcomes nearly a year after the website’s troubled rollout, andfollowing a recent report that Healthcare.gov was hacked back in July, in which anunknown hacker infiltrated the site.

|

“While CMS has taken steps to protect the security and privacyof data processed and maintained by the complex set of systems andinterconnections that support Healthcare.gov, weaknesses remainboth in the processes used for managing information security andprivacy as well as the technical implementation of IT securitycontrols,” the GAO report said.

|

Specifically, GAO said, the CMS has not always “required orenforced strong password controls, adequately restricted access tothe Internet, consistently implemented software patches, andproperly configured an administrative network.”

|

“An important reason that all of these weaknesses occurred andsome remain is that CMS did not and has not yet ensured a sharedunderstanding of how security was implemented for the FFM among allentities involved in its development," the report said. "Untilthese weaknesses are fully addressed, increased and unnecessaryrisks remain of unauthorized access, disclosure, or modification ofthe information collected and maintained by Healthcare.gov andrelated systems, and the disruption of service provided by thesystems.”

|

In addition to detailing the site’s faults, in its 78-pagereport, GAO also detailed six recommendations for HHS, whichinclude analyzing and documented all privacy risks, establishingdetailed security roles for site contractors and performing acomprehensive security of all HealthCare.gov systems.

|

Top Republican leaders were quick to criticize theadministration after the release of the report, with GOP committeeleaders in the House and Senate slamming the troubled site'sproblems in a letter to CMS Administrator Marilyn TavennerWednesday.

|

"These continuing security issues surrounding HealthCare.gov arecause for concern not just by Congress, but for all Americans whohave a right to expect that the government will protect theirinformation," the lawmakers wrote.

|

Obamacare's second enrollment period begins Nov. 15.

Complete your profile to continue reading and get FREE access to BenefitsPRO, part of your ALM digital membership.

  • Critical BenefitsPRO information including cutting edge post-reform success strategies, access to educational webcasts and videos, resources from industry leaders, and informative Newsletters.
  • Exclusive discounts on ALM, BenefitsPRO magazine and BenefitsPRO.com events
  • Access to other award-winning ALM websites including ThinkAdvisor.com and Law.com
NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.