10 Updates

AP Exclusive: Health law cybersecurity challenges

Feb 25 2014, 1:54pm CST | by

WASHINGTON (AP) — As the Obama administration raced to meet its self-imposed deadline for online health insurance markets, security experts working for the government worried that...

Filed under: news

 
 
 

21 weeks ago

AP Exclusive: Health law cybersecurity challenges

Feb 25 2014, 1:54pm CST | by

WASHINGTON (AP) — As the Obama administration raced to meet its self-imposed deadline for online health insurance markets, security experts working for the government worried that state computer systems could become a back door for hackers.

Documents provided to The Associated Press show that more than two-thirds of state systems that were supposed to tap into federal computers to verify sensitive personal information for coverage were initially rated as "high risk" for security problems.

Back-door attacks have been in the news, since the hackers who stole millions of customers' credit and debit card numbers from Target are believed to have gained access through a contractor's network.

The administration says the documents offer only a partial and "outdated" snapshot of an improving situation, and the security problems cited were either resolved or are being addressed through specific actions. No successful cyber-attacks have taken place, officials say.

However, the issues detailed in documents and emails provided by the House Oversight and Government Reform committee reveal broader concerns than the federal Health and Human Services department has previously acknowledged.

They show a frenzied behind-the-scenes juggling act by officials and contractors as the Oct. 1 deadline for new health insurance exchanges loomed. Instead of providing a showcase for President Barack Obama, the launch of his health care law became a case study in how big technology projects can go off the rails.

In order to connect to federal computers, state and other outside systems must undergo a security review and receive an "authority to connect."

With the health care law, states needed approval to connect to a new federal data hub, an electronic back room that pings Social Security, the Internal Revenue Service, Homeland Security to verify personal details about people applying for government-subsidized insurance. The hub handles sensitive information, including income, immigration status and Social Security numbers.

The documents showed a high-stakes decision-making process playing out against a backdrop of tension and uncertainty as the clock ran out. For example:

— In one email from Sept. 29, a Sunday two days before the launch, Teresa Fryer, chief information security officer for the federal Centers for Medicare and Medicaid Services, wrote of the state security approvals, "The front office is signing them whether or not they are a high risk." Her agency, known as CMS, also administers the health care law.

Two days earlier, in a separate document, CMS administrator Marilyn Tavenner approved nine states to connect although the approval document noted that "CMS views the October 1 connections to the nine states as a risk due to the fact that their documentation may not be submitted completely nor reviewed...by Oct. 1." Approval was contingent on states submitting proper documentation. The states were Arkansas, Illinois, Iowa, Louisiana, Montana, Nebraska, Pennsylvania, Oklahoma, and South Dakota.

— A CMS PowerPoint presentation from Sept. 23 revealed huge differences in states' readiness. Some were already approved; others had security weaknesses that were well understood and being tackled. But there were also states where the federal government had little information on security preparations.

"CMS views these connections to states as a high risk due to the unknown nature of their systems," according to the presentation.

CMS officials contemplated whether their agency would have to accept risk on behalf of other federal government entities, including Social Security and the IRS.

—A federal contractor explicitly detailed the potential consequences of what he called an "elevated high risk."

Allowing states to connect without the appropriate review "introduces an unknown amount of risk" that could put the personal information of "potentially millions of users at risk of identity theft," not to mention exposing the program to fraud, contractor Ryan Brewer wrote to CMS security in a Sept. 18 email.

Brewer had formerly been in government, as top CMS information security officer. He is currently with the cybersecurity firm GrayScout. The administration says he had no direct knowledge of the status of state security information.

In a Feb. 20 letter to the oversight panel's chairman, Rep. Darrell Issa, R-Calif., the administration said many of the high-risk issues identified in the documents had a corrective action plan before states got approval to connect. Twelve states received temporary, 60-day permissions to connect before Oct. 1 because the administration had not completed full reviews.

Currently, 46 states and Washington, D.C., have full three-year permissions to connect, wrote HHS assistant secretary Jim Esquea.

"The administration has not been forthcoming with the American people about the serious security risks," Issa said in a statement. "Despite repeated assurances from HHS, the department appears to still be struggling with security concerns."

Cybersecurity consultant and author Theresa Payton, who reviewed the materials for the AP, said it's difficult to second-guess the administration's decisions. A phased rollout of the health care markets would have been a prudent way to keep risks manageable. But Payton, who was chief White House information officer for President George W. Bush, said federal agencies can face unique deadline pressures.

The administration should have found a way to let consumers know that the new online markets weren't quite ready for prime time, she said. "A customer education campaign on how to avoid fraud would have gone a long way."

Even top-performing states are not immune to problems. In a Jan. 10 email exchange, officials and contractors wondered whether they might have to disconnect California from federal computers after a website publicly disclosed that state's vulnerabilities.

"There are many security issues with the states' systems," a contractor wrote to CMS supervisors. "I would expect many more of the 'known' flaws to be posted in the near future."

The administration says officials quickly contacted California, and after learning that the state was addressing the issues, dropped any consideration of disconnecting.

Source: AP Business

 
Update
10

6 weeks ago

RM47mil KWSG contributions still unclaimed

Jun 9 2014 7:54am CDT | Source: Business Times Malaysia

Cambodia's Famous Battambang Circus
KUALA LUMPUR: About RM47 million of contributions in the Teachers Provident Fund (KWSG) still remain unclaimed, the Dewan Rakyat was to ...
Source: Business Times Malaysia   Full article at: Business Times Malaysia
 

 
Update
9

6 weeks ago

Gold shop lost almost RM1mil

Jun 9 2014 3:50am CDT | Source: Business Times Malaysia

Newcastle United Training Session
KANGAR: A gold shop owner lost almost RM1 million after after the safe on in his shop was broken into by robb ...
Source: Business Times Malaysia   Full article at: Business Times Malaysia
 

 
Update
8

6 weeks ago

Motion to debate MAS losses in Dewan Rakyat rejected

Jun 9 2014 3:39am CDT | Source: Business Times Malaysia

Federal Aviation Administration Bans All US Flights To Israel
KUALA LUMPUR: AN emergency motion to debate the losses incurred by Malaysia Airlines last year, amounting to RM1.2 billion was rejected by the Dewan ...
Source: Business Times Malaysia   Full article at: Business Times Malaysia
 

 
Update
7

6 weeks ago

MH370 Tragedy: Hisham: RM27.6 mil spent on 1st phase of SAR

Jun 9 2014 2:11am CDT | Source: Business Times Malaysia

KUALA LUMPUR: Malaysia spent some RM27.6 million in its first phase of the search operations for missing Malaysia Airline flight MH370, said Acting Transport Minister, Da ...
Source: Business Times Malaysia   Full article at: Business Times Malaysia
 

 
Update
6

6 weeks ago

9.1m litres of diesel seized in a month

Jun 8 2014 1:11am CDT | Source: Business Times Malaysia

INDIA-CHINA-DIPLOMACY-TRADE
PUTRAJAYA: The Domestic Trade, Cooperatives, and Consumerism ministry has seized some 9.1 million litres of diesel and property worth RM58 million since mounting ‘Operasi Diesel Selatan’ in the southern states last month. ...
Source: Business Times Malaysia   Full article at: Business Times Malaysia
 

 
Update
5

6 weeks ago

Girl, 9, awarded RM2.78m compensation for medical negligence

Jun 6 2014 4:56am CDT | Source: Business Times Malaysia

Government Weekly Cabinet Meeting
KUALA LUMPUR: A nine-year-old girl who suffered brain damage during her birth at a government hospital was awarded over RM2.78 mi ...
Source: Business Times Malaysia   Full article at: Business Times Malaysia
 

 
Update
4

6 weeks ago

Malaysia's total trade in April up 12pc

Jun 5 2014 11:52pm CDT | Source: Business Times Malaysia

KUALA LUMPUR: Malaysia's total trade in April 2014 rose by 12 per cent from a year ago to RM123.86 billion due to growing trading activities, International Trade and Industry Minister Datuk S ...
Source: Business Times Malaysia   Full article at: Business Times Malaysia
 

 
Update
3

7 weeks ago

Works Ministry to spend RM20m for upgrading works at 50 accident black spots

Jun 4 2014 11:35pm CDT | Source: Business Times Malaysia

Iskandar Johor Open - Previews
JOHOR BARU: The Works Ministry will implement upgrading works at 50 accident prone locations in the country that have been identified this year involving an allocation of RM20 ...
Source: Business Times Malaysia   Full article at: Business Times Malaysia
 

 
Update
2

7 weeks ago

Najib launches loan scheme for Ramadan traders

Jun 4 2014 10:24pm CDT | Source: Business Times Malaysia

EurAsia Cup presented by DRB-HICOM - Day One
PUTRAJAYA: Prime Minister Datuk Seri Najib Razak today launches RM45 million Ramadan Bazaar ...
Source: Business Times Malaysia   Full article at: Business Times Malaysia
 

 
Update
1

7 weeks ago

Residents bring up objection against Kidex to Suhakam

Jun 4 2014 4:49am CDT | Source: Business Times Malaysia

PETALING JAYA: A group of 20 Petaling Jaya residents held a meeting with the Human Rights Commission of Malaysia (Suhakam) over their objection against the proposed RM2.2 billion Kinrara Damansara Skyway (Ki ...
Source: Business Times Malaysia   Full article at: Business Times Malaysia
 

 

Don't miss ...

 

<a href="/latest_stories/all/all/31" rel="author">Associated Press</a>
The Associated Press (AP) is one of the largest and most trusted sources of independent newsgathering, supplying a steady stream of news to its members, international subscribers and commercial customers.

 

blog comments powered by Disqus

Latest stories

About 13 percent new mothers avoid sex
London, July 24 (IANS) Have you rejected love-making calls from your hubby after childbirth? Take heart as you have not committed a sin.
 
 
Soon, grocery bags from vegetable waste
London, July 24 (IANS) Your next grocery bag can come from vegetable waste products.
 
 
Air Algerie plane missing in west Africa
Algiers, July 24 (IANS) A passenger plane of Algeria's state-run Air Algerie was Thursday reported missing 50 minutes after taking off from Ouagadougou Airport in Burkina Faso, according to media.
 
 
Monitor pulse after stroke to avoid second
New York, July 24 (IANS) Regularly monitoring your pulse after a stroke or the pulse of a loved one who has experienced a stroke can prevent a second stroke.
 
 
 

Latest from the Network

There’s no Swatch in your future iWatch
Apple is widely expected to launch at least a couple of different iWatch models this fall, that will be laden with many sensors for fitness and health purposes, and connect to iPhones for notifications and other data....
Read more on Apple Balla
 
Norway on alert over terrorist threat
Oslo, July 24 (IANS) The Norwegian anti-terror police Thursday said they had been informed of a planned terrorist attack against the country. At a hastily-convened press conference, Alana Bjoernland, chief of Norway's...
Read more on Politics Balla
 
About 13 percent new mothers avoid sex
London, July 24 (IANS) Have you rejected love-making calls from your hubby after childbirth? Take heart as you have not committed a sin. A survey by non-profit British Pregnancy Advisory Service (BPAS) has revealed...
Read more on Apple Balla
 
My commitment to 'vikas' stands: Hema Malini
New York, July 24 (IANS) Reacting to the criticism about her absence from her constituency Mathura, actor-politician Hema Malini claims she is "working for my people wherever I am" and that she will always stick to her...
Read more on Celebrity Balla
 
Soon, grocery bags from vegetable waste
London, July 24 (IANS) Your next grocery bag can come from vegetable waste products. Scientists have developed an eco-friendly and efficient new bioplastic using rice hulls, cocoa pod husk, spinach and parsley stems...
Read more on Apple Balla
 
Air Algerie plane missing in west Africa
Algiers, July 24 (IANS) A passenger plane of Algeria's state-run Air Algerie was Thursday reported missing 50 minutes after taking off from Ouagadougou Airport in Burkina Faso, according to media. "Air navigation...
Read more on Business Balla
 
The Rise And Fall Of NASCAR At Indy
This weekend is the latest running of NASCAR’s Brickyard 400 (officially the Crown Royal Presents the John Wayne Walding 400 at the Brickyard powered by BigMachineRecords.com) at the Indianapolis Motor Speedway. Almost...
Read more on Auto Balla
 
Amy Winehouse's mother approves of tributes
Amy Winehouse's mother thinks cigarettes and empty alcohol bottles are ''fitting'' tributes to her daughter. Fans flocked to the late 'Back to Black' star's former London home yesterday (07.23.14) to pay their respects...
Read more on Celebrity Balla
 
Tori Spelling hopes woes will teach children
Tori Spelling hopes her marriage problems will teach her children a lesson. The 'True Tori' star was left devastated when husband Dean McDermott - with who she has children Liam, seven, Stella, six, Hattie, two, and 22-...
Read more on Celebrity Balla
 
Zac Efron enjoys night with Robert Pattinson
Zac Efron and Robert Pattinson were in ''really good moods'' on a night out together. The Hollywood hunks enjoyed an evening with seven pals at Pinz Bowling Alley in California, followed by drinks in nightspot Bootsy...
Read more on Celebrity Balla