Top Healthcare.gov security officer: ‘I recommended delaying rollout, was overruled’

Top Healthcare.gov security officer: ‘I recommended delaying rollout, was overruled’

Obamacare website busyA top Healthcare.gov security officer told Congress this week that recommendations she made to limit access to the site owing to serious vulnerabilities were overruled by higher-ups in the Obama administration. CBS News’s Sharyl Attkisson has the story:

Teresa Fryer, the chief information security officer for the Centers for Medicare and Medicaid Services (CMS) … was interviewed Tuesday behind closed doors by House Oversight Committee officials. The security risks were not previously disclosed to members of Congress or the public. Obama administration officials have firmly insisted there’s no reason for any concern regarding the website’s security.

[…]

Details are not being made public for security reasons but Fryer testified that one vulnerability in the system was discovered during testing last week related to an incident reported in November. She says that as a result, the government has shut down functionality in the vulnerable part of the system. Fryer said the other high-risk finding was discovered Monday. [Emphasis added]

In another security bombshell, Fryer told congressional interviewers that she explicitly recommended denial of the website’s Authority to Operate (ATO), but was overruled by her superiors. The website was rolled out amid warnings Fryer said she gave both verbally and in a briefing that disclosed ‘high risks’ and possible exposure to ‘attacks.’

“My recommendation was a denial of ATO,” Fryer told the committee during her day-long testimony. She told House members that her first recommendation to then-CMS chief information officer Tony Trenkle was made soon after the launch of the website on Oct. 1. She said, “I had discussions with him on this and told him that my evaluation of this was a high risk.” Trenkle retired from his CMS job on Nov. 13.

This is the first time a government insider has gone on record challenging the administration’s insistence that there were no worrisome security concerns.

When confronted with Fryer’s claims, Health and Human Services Secretary Kathleen Sebelius issued a denial, saying, “I can tell you that no senior official reporting to me ever advised me that we should delay.” But Fryer maintains that she briefed Sebelius’ top information officers at HHS in a teleconference Sept. 20, urging that the website launch be delayed for security reasons.

Fryer further testified that the the participants in the conversation included Healthcare.gov’s chief project manager Henry Chao, HHS chief information security officer Kevin Charest, and HHS Deputy Assistant Secretary for Information Technology Officer Frank Baitman. She says she was advised three days later that her advice was not going to be followed.


LU Staff

LU Staff

Promoting and defending liberty, as defined by the nation’s founders, requires both facts and philosophical thought, transcending all elements of our culture, from partisan politics to social issues, the workings of government, and entertainment and off-duty interests. Liberty Unyielding is committed to bringing together voices that will fuel the flame of liberty, with a dialogue that is lively and informative.

Commenting Policy

We have no tolerance for comments containing violence, racism, vulgarity, profanity, all caps, or discourteous behavior. Thank you for partnering with us to maintain a courteous and useful public environment where we can engage in reasonable discourse. Read more.

You may use HTML in your comments. Feel free to review the full list of allowed HTML here.

Facebook Comments

Disqus Comments