TRENDING:

New GOP HealthCare.gov Security Probe

Former U.S. CTO Todd Park Called on to Testify at Hearing Marianne Kolbasuk McGee (HealthInfoSec) • October 30, 2014    
New GOP HealthCare.gov Security Probe
Todd Park

A House Committee chairman has issued a subpoena to former U.S. Chief Technology Officer Todd Park, calling on him to testify next month about the security of Obamacare's HealthCare.gov website and systems.

See Also: Close Your Third-Party Risk Vulnerability Gap

Rep. Lamar Smith, R-Texas, chair of the House Science, Space and Technology Committee, issued the subpoena to Park to appear at a Nov. 19 hearing held by its subcommittee on oversight. Park left the CTO post in August, but continues to serve as a technology adviser to the White House.

A statement on Smith's website says the subpoena "compels" Park to answer questions regarding his role in developing and evaluating the operations and security of Healthcare.gov. "The Obama administration has [previously] failed to provide this committee with information about the security of the Obamacare website," the statement says. "What is the White House trying to hide?"

Security Steps

Last month, Centers for Medicare and Medicaid Services administrator Marilyn Tavenner testified before the House Committee on Oversight and Government Reform that the agency was taking dozens of steps recommended by the Government Accountability Office to improve HealthCare.gov security before the next open enrollment season for Obamacare launches on Nov. 15.

Also, CMS recently confirmed that on August 25, a HealthCare.gov test server was hacked (see HealthCare.gov Server Hacked). "Our review indicates that the server did not contain consumer personal information; data was not transmitted outside the agency, and the website was not specifically targeted," CMS said. "We have taken measures to further strengthen security."

The issue of whether the federally facilitated HealthCare.gov had undergone thorough security testing and risk mitigation prior to the Affordable Care Act's initial open enrollment launch on Oct. 1, 2013, has been an ongoing point of contention with some members of Congress, and the subject of several hearings.

GOP Report

In Smith's statement, he alleges a new GOP report sheds light on Park's involvement in the development of HealthCare.gov.

The report says that on Nov. 13, 2013, Park testified under oath before the House Oversight and Government Reform Committee that he did not "actually have a really detailed knowledge" of the HealthCare.gov website before it was launched and was "not even familiar with the development and testing regimen that happened prior to October 1."

However, the GOP report alleges that a review of e-mails provided to the House Oversight and Government Reform Committee from the Department of Health and Human Services, which oversees CMS, indicates that:

  • Park communicated regularly with all major government and contractor personnel involved with the website's development prior to Oct. 1, 2013;
  • Park appears to have been a principal liaison to the White House and the press about development of the HealthCare.gov website prior to its "ill-fated launch"; and
  • Park "appears to have been a contributing source of schedule pressure that the website be launched on Oct. 1, 2013."

A watchdog agency within the Treasury Department this week issued a report recommending that the Internal Revenue Service needs to put into place additional procedures to ensure that Obamacare health insurance exchanges properly safeguard consumer tax information (see IRS Told To Beef Up Obamacare Scrutiny).

Previous
ONC's DeSalvo Stays On: Questions Arise
Next
Researchers Describe New Air-Gap Threat

About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.



Around the Network

Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Properly Vetting AI Before It's Deployed in Healthcare
Properly Vetting AI Before It's Deployed in Healthcare
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.