News Releases

WASHINGTON, D.C. – This week, the nonpartisan Government Accountability Office (GAO) released a report detailing ongoing problems with the security of the Obamacare website – HealthCare.gov. More than a year since its launch, GAO raises concerns that HealthCare.gov users continue to face a serious risk of having their personal information – including Social Security numbers, income and employment records, and tax returns stored by the system – stolen by fraudsters and identity thieves. U.S. Senator Jerry Moran (R-Kan.), Ranking Member of the Senate Appropriations Health Subcommittee, shares GAO’s concerns and believes the Administration has consistently kept Congress and the public in the dark about the serious security concerns with the Obamacare website. 

“This GAO report makes it clear that, more than a year later, the Administration refuses to provide a true account of how the website is performing and whether it is safe for Americans to use,” Sen. Moran said. “Given the Administration’s history of misrepresentations regarding the readiness of the Obamacare exchanges, I am extremely concerned about the security of Americans’ personal information. I am a sponsor of two commonsense bills to increase transparency surrounding Obamacare’s implementation and help address the serious privacy and data security concerns associated with the law. This is not about politics, this is about personal security and privacy.” 

The GAO report finds that the federal enrollment website still has not undergone rigorous end-to-end testing to check for vulnerabilities. Additionally, it accuses the Centers for Medicare and Medicaid Service (CMS) of accepting significant security risks when it allowed the website to launch on Oct. 1, 2013. This report came on the heels of a hack of HealthCare.gov in July 2014 in which malicious software was installed within the website’s network and went undetected for more than a month.

According to GAO’s review:

“CMS has not fully addressed security and privacy management weaknesses, including having incomplete security plans and privacy documentation, conducting incomplete security tests, and not establishing an alternate processing site to avoid major service disruptions. In addition, we identified weaknesses in the technical controls protecting the confidentiality, integrity, and availability of the data maintained in the [federally facilitated marketplace]. … Until these weaknesses are addressed, increased and unnecessary risks remain of unauthorized access, disclosure, or modification of the information collected and maintained by HealthCare.gov and related systems or the disruption of service provided by the systems.”

In January 2014, Sen. Moran sponsored two bills to protect American individuals and families from the consequences of Obamacare’s implementation. The Exchange Information Disclosure Act (S. 1590) requires the Obama Administration to disclose detailed information about the performance of the Obamacare health insurance Exchange website, HealthCare.gov. The other bill, the Health Exchange Security and Transparency Act (S. 1902), would increase the Administration’s responsibility for safeguarding personal information of Exchange users in response to growing security concerns about the website. The House of Representatives passed its own version of both bills with broad, bipartisan support, yet the Senate Majority Leader has yet to bring the bills up for a vote in the Senate.

# # #