Nearly three months after its launch and as millions of Americans log on to shop for health plans, HealthCare.gov has still had serious security vulnerabilities, according to documents and testimony obtained exclusively by ABC News. There have been "two high findings" of risk -- the most serious level of concern -- in testing over the past few weeks, the top Centers for Medicare and Medicaid Services (CMS) cybersecurity official told the House Oversight Committee on Tuesday in a private transcribed interview. It's a "vulnerability in the system," CMS chief information security officer Teresa Fryer told the committee of one of the issues.
Congressional Republicans start with a clear goal when it comes to the Affordable Care Act: discourage consumers from enrolling and gaining coverage. In October and November, that job was easy: because healthcare.gov was such a dysfunctional mess, GOP lawmakers didn't have to work too hard to advance their policy objective.
But now that the system is vastly improved, Republicans can't simply condemn the website and hope for the best; they have to persuade Americans that the website is too dangerous for consumers to even try. It's why House Oversight Committee Chairman Darrell Issa (R-Texas) has hosted ridiculous "field hearings," and it's why his office leaked this story to ABC News yesterday.
To be sure, that sounds alarming, but we've seen plenty of reports based on leaked partial transcripts, "obtained" by news organizations from Darrell Issa's office, most of which turn out to be misleading -- or completely false.
So I checked in with Democrats on the House Oversight Committee, who said "key details" from Teresa Fryer's transcript "were omitted" before it was leaked to ABC. It's true that security testing uncovered a recent vulnerability, but Issa's leak left out relevant facts: there have been no security breaches, the vulnerability was identified and fixed, and Fryer sees the security measures in place as "best practices above and beyond what is usually recommended."
In a statement, Rep. Elijah Cummings (D-Md.), ranking member of the Oversight Committee, said, "Chairman Issa's reckless pattern of leaking partial and misleading information is now legendary for omitting key information that directly contradicts his political narrative....This effort to leak cherry-picked information is part of a deliberate campaign to scare the American people and deny them the quality affordable health insurance to which they are entitled under the law."
Much of this, incidentally, was left out of ABC's original report, though it's since been updated.
I'm not even sure what Issa hoped to accomplish with this particular partial-transcript leak. What we've learned is that security testing for healthcare.gov is constant; vulnerabilities have been very rare; when they've popped up the problems have been identified and resolved quickly; and the site has experienced exactly zero security breaches. This is hardly the stuff of scandal.
But the larger point is that Issa's favorite trick -- leaking a partial transcript of closed-door testimony, after editing it in a misleading way -- is now so common, reporters have to be more cautious when the Oversight Committee chairman's office calls and says, "Have I got a scoop for you."
Dec. 21, 201310:17