The reformed bad-guy-turned good Internet security expert Kevin Mitnick, renowned for his cyber criminal activities, called the ObamaCare website security “shameful” and “minimal.”
House Science, Space and Technology Committee received Mitnick’s written testimony, which read: “It’s shameful the team that built the Healthcare.gov site implemented minimal, if any, security best practices to mitigate the significant risk of a system compromise.”
On the House floor, House Majority Leader Eric Cantor (R-VA) read from the draft memo by chief information security officer at the CMS, Teresa Fryer, who wrote in September to her boss conveying Healthcare.gov “does not reasonably meet the CMS security requirements” intended to minimize risks. “There is also no confidence that the Personal Identifiable Information (PII) will be protected.”
Meanwhile, CMS administrator Marilyn Tavenner, and the now-retired agency’s chief information officer, Tony Trenkle, made the decision to launch HealthCare.gov as scheduled despite the security risks.
The House Democrats argued that the Republicans overstate the site’s vulnerability, with Rep. Elijah Cummings (D-MD) stating, “Republicans are still obsessed with killing this law. Since they cannot do so legislatively, they have shifted to a different tactic: scaring people away from the Web site.”
However, Mitnick’s written testimony that was submitted to the panel concluded: “After reading the documents provided by David Kennedy that detailed numerous security vulnerabilities associated with the Healthcare.gov Website, it’s clear that the management team did not consider security as a priority.”
CMS conveyed that there has been no successful security attacks on the site and that “no person or group has maliciously accessed personally identifiable information from the site.”
Mitnick’s analysis was supported by CEO and founder of TrustedSec LLC David Kennedy, the white hat hacker who compromises websites in order to identify and fix security flaws, testified that several of the issues they first discovered still exist on the site.
Kennedy told the panel that both himself and other experts have not seen any significant developments within the past two month — “it’s getting worse. Nothing has really changed since our November 19th testimony,” he stated.
The co-founder and CEO of Lunarline Waylon Krush claimed that the flaws that have been found are mere speculation.
Who are we to believe Krush who gets paid by the government practically on a daily basis or two entrepreneurs such as Mitnick and Kennedy that do not have to answer to the government.
