Hacking of Obamacare site just another disaster
Last week, a hacking scandal had the internet and every cable news station in a frenzy. While the commentators obsessed over hacked nude celebrity photos, a far more destructive and invasive breach of privacy went largely unreported: the Department of Health and Human Services announced that HealthCare.gov, the federal Obamacare website, was hacked in July, potentially leaving millions of American’s private information in the hands of criminals. While the celebrity photo hack was a gross violation for a select few, the Healthcare.gov hack is far more significant and has the potential to leave millions of working Americans vulnerable to identity theft.
The creation of HealthCare.gov was to help individuals purchase health insurance. Designated as a “Data Services Hub,” this site collects private information from consumers. Once obtained, this information is routed to state exchanges, healthcare plans, and state and local agencies for enrollment. Therefore, the security of HeathCare.gov is paramount.
While Obamacare has privacy and security guidelines, they’ve been ineffective at preventing security breaches. Last week, federal officials reported that a hacker broke into HealthCare.gov and uploaded malicious software. While it appears no personal data was taken, this is only the first successful hacking of a website where millions of Americans’ personal information is stored. In fact, the break-in wasn’t discovered until several weeks later during a routine scan. If it can happen once, it will likely happen again, and federal officials haven’t announced plans to correct the immediate problem.
In Congress, I take threats to Americans’ personal information very seriously. Multiple committees have held hearings investigating the privacy protections and overall security of the Healthcare.gov website. I wrote to then-Secretary of Health and Human Services Kathleen Sebelius raising serious questions about site security and urging her to take down the website until these security measures were addressed. I also cosponsored H.R. 3811, the “Exchange Information Disclosure Act.” This bill requires the Secretary of Health and Human Services to notify any individual whose personally identifiable information was stolen or accessed unlawfully. H.R. 3811, an effort to provide greater transparency for the American people, passed the U.S. House of Representatives with bipartisan support on a vote of 291-122. The Senate so far has refused to take up this commonsense security bill.
Sometimes problems come out of nowhere, but this one was obvious. The rollout of Obamacare has been a disaster, and an expensive one at that. We’ve spent over a billion dollars on the state and federal webpages alone. Lackluster security and now this delayed response to a major security breach should surprise no one. The federal government has no business collecting and holding your personal health information online. Healthcare.gov is one of the most lucrative targets for identity thieves and it’s a certainty that hackers will strike again. It’s time for the president to work on solutions, and it’s time for the Senate to move on H.R. 3811.