Sharyl Attkisson, CBS News
WASHINGTON -- The health care website
went down again Monday for an hour and a half, and no one is sure why.
It's being taken offline on purpose every night from 1 a.m. to 5 a.m.
for repairs. Millions are still having trouble buying insurance on it,
and it turns out that even when the website works, it may not be secure
enough to protect privacy.
As HealthCare.gov was
being developed, crucial tests to ensure the security and privacy of
customer information fell behind schedule.
CBS News analysis found that the deadline for final security plans
slipped three times from May 6 to July 16. Security assessments to be
finished June 7 slid to August 16 and then August 23. The final,
required top-to-bottom security tests never got done.
House Oversight Committee released an Obama administration memo that
shows four days before the launch, the government took an unusual step.
It granted itself a waiver to launch the website with "a level of
uncertainty ... deemed as a high (security) risk."
Agency head Marilyn Tavenner
accepted the risk and "mitigation" measures like frequent testing and a
dedicated security team. But three other officials signed a statement
saying that "does not reduce the risk" of launching October 1.
Law professor Lawrence Gostin is a big supporter of the Affordable Care
Act. He helped Congress write the law to meet constitutional standards.
But he's critical of the launch without proper security.
"Nothing can undermine public confidence more than the fear of a
security and privacy breach," Gostin said. "You could have somebody hack
into the system, get your Social Security number, get your financial
HealthCare.gov exchanges data through a
massive hub that includes the IRS and Social Security Administration, to
verify income and identity, and Veterans Affairs, for military
personnel who receive special benefits.
Last week at a congressional hearing, Health and Human Services Secretary Kathleen Sebelius told Democrat G.K. Butterfield that Americans have no reason to worry.
if she had confidence in measures the administration was taking to
protect the security of Americans' personal information, Sebelius
responded, "I do, sir."
While officials try to fix all the problems with the website, internal
notes released Monday from a government meeting last week reflect a new
concern: that the media may begin to follow customer experiences. In
some cases, CMS fears, there are "fewer health insurance options than
would be desired" and "relatively high-cost plans."