Nearly three months after its launch, HealthCare.gov underwent end-to-end security testing and passed with flying colors, the top cybersecurity official overseeing the website told Congress [Thursday]. Teresa Fryer, the chief information security officer for the Centers for Medicare and Medicaid Services, told the House Oversight Committee that results from the tests have alleviated her earlier concerns about risks of cyberattacks and theft of consumers' personal information.
Given his habit of leaking bits of sensitive information that come into his hands as Oversight chairman, and then national media organizations running with the incomplete "scandalous" information they have, the administration has been worried about letting more information about the website's construction and its security protocols into his hands. If that kind of information were to be leaked, the security threat would be very real. That's why Rep. Elijah Cummings, ranking member of the Oversight Committee, has demanded that the committee put a series of protections of sensitive information. Cummings has a number of concerns, including the fact that committee staff has left sensitive information in unsecured rooms, that Issa is sharing sensitive information with outside consultants who haven't been authorized by the committee, and that the committee as a whole hasn't adopted security protocols for dealing with this kind of information. Issa delegated to a staffer to blow off all of these concerns. Issa spokeswoman Caitlin Carroll said in response, "The committee is comfortable with the protocols we have utilized to prevent the release of sensitive technical information. [...] We have also told the Minority that they are welcome to consult with us on any questions they have about information they intend to release." Welcome to consult, but don't expect us to listen.