Ranking Members Waxman and DeGette Release Memo on Healthcare.gov Security
Today Energy and Commerce Committee Ranking Member Henry A. Waxman and Oversight and Investigations Subcommittee Ranking Member Diana DeGette released a memo to Democratic Committee members regarding the security of Healthcare.gov. In a classified briefing two days ago, HHS officials revealed that there have been no successful security attacks on Healthcare.gov and that no person or group has maliciously accessed personally identifiable information from the site.
The memo summarizes the non-classified portion of the briefing. HHS officials told members and staff that there have been a total of 32 Healthcare.gov Information Security Incidents. Eleven incidents are under investigation. Of the remaining events, three were classified as non-incidents; one was an attempted (but unsuccessful) scan of the system; two were classified as “inappropriate usage” in violation of acceptable computing use policies; and fifteen were classified as “unauthorized access” where an individual accidentally gained access to unauthorized information. None of these events involved a significant breach of personal information.
HHS officials indicated that they were conducting ongoing 24-7 system monitoring and ongoing assessments in order to ensure and strengthen system security.
The memorandum is available online here.