Obama Administration Rejects AP's Request for Healthcare.gov Cybersecurity Information

Written by

The debate may rage on between political parties as to whether the Affordable Health Care Act is a good thing or a bad thing for the United States, but an entirely new controversy has cropped up regarding the ObamaCare website, healthcare.gov. The administration has rejected an Associated Press request for details on the cybersecurity measures in place to protect consumers.

The Centers for Medicare and Medicaid Services (CMS), which administers Healthcare.gov, had previously said that it would be transparent when it came to how the government is treating the privacy of the personal information logged into the system. But, it rejected the AP’s Freedom of Information Act (FOIA) request for information about security software and the computer systems used on the federal health exchange, arguing that the information, if published, would give hackers the tools they would need to circumvent the systems.  

As far as whether the government has a legitimate argument on the hacking aspect, the AP noted that it was asking for a range of facts, including the numbers of break-ins and hacking attempts detected, and the privacy protocols for storing personal data, which would be useless for hackers in terms of crafting an attack plan.

CMS also argued that any disclosure could violate users’ privacy or interfere with law enforcement efforts.

"Here you have an example of an agency resorting to a far-fetched privacy claim in an unprecedented attempt to bridge this legal gap and, in the process, making it even worse by going overboard in withholding such records in their entireties," said Dan Metcalfe, a former director of the Justice Department's office of information and privacy, speaking to the AP.

The AP is asking the government to reconsider, it said: 

“Obama instructed federal agencies in 2009 to not keep information confidential ‘merely because public officials might be embarrassed by disclosure, because errors and failures might be revealed, or because of speculative or abstract fears.’ Yet the government, in its denial of the AP request, speculates that disclosing the records could possibly, but not assuredly or even probably, give hackers the keys they need to intrude.”

It added, “Even when the government concludes that records can't be fully released, Attorney General Eric Holder has directed agencies to consider whether parts of the files can be revealed with sensitive passages censored. CMS told the AP it will not release any parts of any of the records.”

Back in January, CMS said that there had been no breaches of the site or of databases. But Republican lawmakers had raised concerns over the cybersecurity of the site after technical glitches plagued the site launch last year. Despite the political motivation by the GOP for doing so, independent minds are concerned too: Some security professionals have declared the site insecure, based on publically available information. 

What’s hot on Infosecurity Magazine?