Until last week, anyone could easily reset Obamacare applicants' passwords and potentially hijack their accounts. The glitch was discovered last week by a software tester in Arizona, and CNNMoney reported the security vulnerability on Tuesday. Health spokeswoman Joanne Peters told CNNMoney that the Department of Health made key changes this week, eliminating the "theoretical vulnerability."
Sebelius rebutted incorrect assertions by Republican Congressmen that the website had been hacked.
"There was not a breach," Sebelius said. "It was a theoretical problem that was immediately fixed."
Though the security hole was never exploited, the problem was quite real -- at least until last week. Anyone who could guess an existing user name and had a basic understanding of how to read a website's code could potentially access someone's account.
Congressman Mike Rogers, R-Mich., also asked Sebelius about the security implications of putting in so many patches and fixes. He said that adding in new computer code exposes the entire system to new risks. He also accused health officials and their many contractors of not performing a system-wide security test, a tech industry standard.
"You did not have the most basic end-to-end test on security in the system," Rogers said. "Amazon (AMZN, Fortune 500) would never do this."
When Rogers asked if the federal government would be willing to shut down the Obamacare website until such a test is done, Sebelius said no.
During the hearing, Sebelius spoke at length about the website's many issues, apologized for its shortcomings and promised they would all be resolved by the end of November -- even while most of the site remained down Wednesday morning.
"Hold me accountable for the debacle. I'm responsible," she said.