BreachExchange mailing list archives
Security concerns prompt subpoena for HealthCare.gov data
From: Lee J <lee () riskbasedsecurity com>
Date: Wed, 30 Oct 2013 14:08:54 +1100
http://www.infoworld.com/t/federal-regulations/security-concerns-prompt-subpoena-healthcaregov-data-229751 A U.S. House committee chairman, citing security concerns, today ordered a HealthCare.gov contractor to provide detailed information about its work on the project. Rep. Darrell Issa (R-Calif.), chairman of the Committee on Oversight and Government Reform chairman, Tuesday issued a subpoena for Quality Software Services Inc.'s contract with the U.S. Dept. of Health and Human Services (HHS) to work on the Affordable Care Act's (ACA) website. [ Also on InfoWorld: How federal cronies built -- and botched -- HealthCare.gov. | For a quick, smart take on the news you'll be talking about, check out InfoWorld TechBrief -- subscribe today. ] The subpoena also orders QSSI to disclose how much it has been paid so far for its work on the project for the project, along with details about all HealthCare.gov-related internal communications and that between the company and workers at HHS and the White House. Issa said he issued the subpoena after QSSI failed to voluntarily hand the information after it was asked for it by the committee last week. QSSI did not respond to a request for comment on the subpoena. "It is crucial that you provide information quickly because of the serious concerns about data security related to the lack of testing," Issa said in a letter sent to QSSI and 10 other HealthCare.gov contractors on October 23. "This lack of testing is concerning due to the amount of sensitive consumer information flowing through the data hub and exchanges." QSSI is responsible for building HealthCare.gov's core Data Hub, which is designed to support ACA health exchanges. The hub is operated by the U.S. Centers for Medicare and Medicaid Services (CMS) and is designed to let health care marketplaces quickly verify the eligibility of individuals seeking insurance coverage. HealthCare.gov's Data Hub doesn't store data, but it's designed to connect insurance exchanges with federal databases at various government agencies, including the Social Security Administration, the Internal Revenue Service, the Dept. of Homeland Security, and the Dept. of Veterans Affairs. QSSI also oversees the testing of software code developed by other HealthCare.gov contractors and last week signed a contract to be the general contractor in charge of fixing glitches that have plagued the site since it went live on Oct. 1. Issa said that QSSI's firsthand knowledge of the design and implementation of the Data Hub could help committee members better understand the decisions that went into building the website. The subpoena is the latest sign of a growing unease over the security controls in HealthCare.gov. Though the site does not store much personal data, critics fear that it could nonetheless expose users to identity theft and other types of fraud. Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed. His email address is jvijayan () computerworld com.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: # OWASP http://www.appsecusa.org # Builders, Breakers and Defenders # Time Square, NYC 20-21 Nov o()xxxx[{::::::::::::::::::::::::::::::::::::::::> Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security offers security intelligence, risk management services and customized security solutions. The YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.
Current thread:
- Security concerns prompt subpoena for HealthCare.gov data Lee J (Oct 30)