(Bloomberg) The Obama administration tells Congress that the federal governments health insurance enrollment system has never been hacked, countering Republican claims that users information might be at risk.
There have been 32 information security incidents at healthcare.gov as of Dec. 11, Rep. Henry Waxman, a California Democrat, said in a memo Friday following a briefing with security officials from the U.S. Department of Health and Human Services. None of those incidents, which were serious enough to merit investigation, resulted in a breach, he said.
Republicans have raised concern that the federal health exchange serving 36 states is vulnerable, citing Obama administration e-mails that showed a full round of security tests werent completed prior to the websites Oct. 1 debut. Republicans on the House Science, Space and Technology Committee held a Nov. 19 hearing, where a white-hat hacker demonstrated how the site might hypothetically be breached.
No person or group has hacked into healthcare.gov, and no person or group has maliciously accessed any personally identifiable information from users, Waxman said in his memo, which was sent to his colleagues on the House Energy and Commerce Committee.
A spokeswoman for the Republican who leads that committee, Rep. Fred Upton of Michigan, didnt immediately respond to a request for comment. A spokesman for the agency overseeing healthcare.gov also wasnt immediately available.
The federal website covers 36 states while 14 states have created their own marketplaces for people to shop for insurance with the help of government subsidies as part of the Affordable Care Act.
The governments computers collect personal information such as family size and Social Security numbers, as well as financial records and other data from seven federal agencies to determine what health plans people can buy and whether theyll receive tax credits. Kathleen Sebelius, the U.S. Health and Human Services secretary, told senators at a hearing last month that little of the information is stored by the government.
Of the 32 security incidents, Waxman said one was an attempted probe or scan of the system that wasnt successful, and another was a denial of service attack aimed at crashing the site that used malware named Destroy Obamacare. That attack also failed.
Fifteen events, classified as unauthorized access, involved people accidentally receiving information they shouldnt have gotten, including an incident in which a South Carolina mans personal information was sent to a person in North Carolina.
All the known glitches that caused these incidents have been fixed, Waxman wrote.
Eleven of the incidents remain under investigation, he said.
Register or login for access to this item and much more
All Health Data Management content is archived after seven days.
Community members receive:
- All recent and archived articles
- Conference offers and updates
- A full menu of enewsletter options
- Web seminars, white papers, ebooks
Already have an account? Log In
Don't have an account? Register for Free Unlimited Access