On Capitol Hill today 10/29/2013 the House Committee questioned HHS Secretary Sebelius on Obamacare Site Problems. Security issues were raised by Rep. Mike Rogers (R-MI). Concerns have been sited in a lack of end-to-end (integration) security testing. The web based healthcare system requires personal identity and key financial information to be entered and then validated by back-end government agencies. It is currently unclear if the security concerns may lead to successful hacker procurement of this valuable information to later be used for Identity Theft, but we hope not. Web based internet software has become a mainstream solution for collecting and storing this data and many knowledgeable experts on this subject can ensure data storage and encryption of the data when passed from server to serve. My experience is in system administration consulting and the infrastructure of the system (servers, databases, and protocols using port data encryption of the transfer of the data) is the key to understanding if any real Identity Theft risk exists.
“Rep Mike Rogers (R-MI) detailed Healthcare.gov’s security problems: “So let me tell you what you did. You allowed the system to go forward with no encryption on back-up systems. They had no encryption on certain boundary crossings. You accepted a risk on behalf of every user of this computer that put their personal financial information at risk because you did not even have the most basic end-to-end test on security of this system. Amazon would never do this. Proflowers would never do this. Kayak would never do this. This is completely an unacceptable level of security, and here’s the scary part, we found out after the contractors last week that an end-to-end test hadn’t been conducted on security, not functionality, because if it’s not functioning, you know it’s not secure. Your ongoing hot patches without end-to-end tests. The private contractors told us it would take a very thorough two months just for an integrated end-to-end security test, which hasn’t happened…”