A top federal official has admitted that "high" and "moderate" security risks have been discovered on the Obamacare website in recent weeks, giving credence to months of claims by both experts and users that the site is vulnerable to security breaches.
Teresa Fryer, chief information security officer at the Centers for Medicare and Medicaid Services, testified about the risks during a Dec. 17 hearing before the House Oversight Committee which has been investigating issues with the troubled site.
"There were two high findings. One high finding was identified in an incident that was reported in November," Fryer said in partial transcripts released Friday by committee chairman Rep. Darrell Issa.
Urgent: Do You Approve Or Disapprove of President Obama's Job Performance? Vote Now in Urgent Poll
She said that the functionality in question was currently "shut down,"
according to The Hill.
Fryer said that weeks before the debut of HealthCare.gov, she had recommended against its launch, she said, telling her boss that her "evaluation of this was a high risk."
Federal health officials, however continue to insist the site is safe and that any issues are being quickly addressed.
"Each piece of the live HealthCare.gov system that was going into operation Oct. 1 had been tested by an independent security control assessor and testing was completed prior to Oct. 1, 2013 with no high findings," Joanne Peters, Health and Human Services Department spokeswoman, said this week, according to The Hill.
"All high-, moderate-, and low-security-risk findings… that launched on Oct. 1 were either fixed, or have strategies and plans in place to fix the findings that meet industry standards."
But since the Oversight Committee started delving into the security issue, it has produced evidence that the government was aware of high security risks in advance of the launch, and also that final top-to-bottom security tests
were never implemented.
Meanwhile, in the months since the launch, a number of users have come forward to report that either their personal information had been
shared with other users or that they have seen the details of other users. Reports also surfaced that Chinese hackers tried to
break into the site in November, raising further concerns about the site's vulnerability.
Peters, nonetheless insists that all operational components of the websites are compliant with federal requirements.
"To date, there have been no successful security attacks on HealthCare.gov and no person or group has maliciously accessed personally identifiable information from the site," Peters said, according to The Hill.
Urgent: Do You Approve Or Disapprove of President Obama's Job Performance? Vote Now in Urgent Poll
Related stories: