House Oversight and Government Reform Committee Chairman Darrell Issa is demanding a key ObamaCare official testify before his committee after the Obama administration revealed Thursday hackers have successfully breached HealthCare.gov.
Issa, R-Calif., said in a statement that Marilyn Tavenner, the administrator for the Centers for Medicare and Medicaid Services, “must testify” before his committee on Sept. 18 to discuss “transparency, accountability, and information security” regarding the federal ObamaCare website.
“Considering this administration launched Healthcare.gov over the objections of CMS, it’s unsurprising that the website has suffered a ‘malicious attack,’” Issa said in a statement. “For nearly a year, the administration has dismissed concerns about the security of Healthcare.gov, even as it obstructed congressional oversight of the issue.”
The Obama administration said no consumer information was taken from the health insurance website that serves more than 5 million Americans in the breach, but malicious software was installed. The software could have been used to launch an attack on other websites from the federal insurance portal.
Health and Human Services spokesman Aaron Albright said the website component that was breached had been used for testing and did not contain consumer information, such as names, birth dates, Social Security numbers and income details.
The initial intrusion took place July 8, but it was not detected until Monday of last week during a manual scan of system logs. HHS said the component that was breached did not have a firewall, or intrusion detection software, installed on it. Technicians manually scanning logs discovered the breach Aug. 25 and took action.
The Homeland Security Department, which helps safeguard federal systems, said the scope of the attack was limited to one server. There is no evidence an attack was subsequently launched from the tainted machine.
Federal computer systems are the targets of hundreds of cyberattacks every day, but this is believed to be the first successful one involving HealthCare.gov.
Republican lawmakers criticized the Obama administration over the hack, with Utah Sen. Orrin Hatch saying it came as a “surprise to no one.”
“It’s yet another deeply disturbing failure of the President’s health law, and once again it is the American people who are bearing the brunt of the law’s failures,” he said.
Rep. Joe Pitts, who chairs a panel that held hearings last year on the website’s rocky rollout, echoed Hatch’s sentiments.
"Sadly, the news that HealthCare.gov has been hacked does not come as a surprise," Pitts, R-Pa., said in a statement.
The health care site had numerous technical problems when it was launched last fall and was initially unworkable for most consumers. Among the issues that concerned the government's own technical experts was that security testing could not be completed because the system was undergoing so many last-minute changes. HealthCare.gov eventually passed security certification.
HHS says it does not appear that the insurance site was specifically targeted. Rather, the hackers seem to have been probing numerous government and private websites for potential weaknesses.
The department's inspector general is coordinating with other law enforcement agencies to investigate.
HealthCare.gov is the online gateway to subsidized private health insurance for people who don't have access to a health plan on the job. Created under Obama's health law, the site currently serves 36 states and more may be added when open enrollment starts Nov. 15. The remaining states run their own insurance exchanges.
The incident was first reported by The Wall Street Journal.
The Associated Press contributed to this report.