OTR Interviews

ObamaCare contractor security fears made real

One company that helped build the problem-plagued ObamaCare website has been cited for security lapses, and one man explains why he's worried his private info was compromised in a recent encounter


This is a rush transcript from "On the Record," November 1, 2013. This copy may not be in its final form and may be updated.

GRETA VAN SUSTEREN, FOX NEWS HOST: You have heard it over and over and over since October 1st. Americans struggling to get through on the ObamaCare website. So you are never going to believe this one. Actually, maybe you will. Our next guest says his application went through, even though he did not submit it. Now, how did that happen?

Ben Simo, a former president of the Association for Software Testing, he joins us. Ben, so what happened with your application?

BEN SIMO, SOFTWARE TESTING CONSULTANT: Well, I had started an application and filled out much of the application and got to the end and there were the statements stating what they might do with the data. And I wasn't quite ready to submit it. So I clicked the option that said no, I do not agree to the terms of submitting this, and then left that page of HealthCare.gov.

Later that day or it might have been the next day, I got a notification telling me that a decision had made. I went back into the system, and saw a notice and a letter that referred me to a state agency to continue the process.

SUSTEREN: What was the decision that had been made?

SIMO: It appears that in this case I was looking for coverage for my granddaughter. And it appears that they wanted to refer me to the state to see if chip might be available to cover her. The letter was not all that clear. It referenced the table that said about or referenced the table that should tell me what decision was made but that table wasn't in the letter. So, it wasn't real clear. This looks to me it's probably just a software issue that either they processed the application or maybe just something went through and processed the letter.

SUSTEREN: Ben, I can't tell you how many times I think I hit something on my computer and I hit something else. I mean, is there any chance that when you did prudent person the application that you actually did submit it, that the error was a human error on your part and not a software error?

SIMO: Well, that's certainly possible that I made some mistake there, but what I do know is that I did select the option that I did not agree to the terms of submitting an application. That part I do know that I did during the process. So even if I had done something to submit it, clicking the wrong button or something, I had no expectation that it would be processed.

SUSTEREN: Is there any problem with it being processed. Most people don't want to be processed, but by being processed does it at least give you some options?

SIMO: I was concerned when I first got it because the letter made some comments about needing to appeal their eligibility decision within 10 days which put a time limit on something I wasn't prepared to deal with yet. I have not yet talked with the state agency to see what the options are, so I'm hoping this was just some software filibuster that generated the letter. But I don't know yet.

SUSTEREN: Chances are it's a good defense. We can blame everything -- I'm blaming everything on software even my parking tickets. Ben, thank you.

SIMO: You are welcome.

SUSTEREN: After the catastrophic launching of HealthCare.gov, Secretary Sebelius put QSSI in charge of fixing it. But there is information about QSSI and it's not particularly good. The contractor has a history of security lapses. QSSI that's the specially selected company being charged and what's their problem? What's their history?

JONATHAN EASLEY, "THE HILL": This is with the Medicare contract.

SUSTEREN: A different one.

EASLEY: Right. Not related to the healthcare office of inspector general for Health and Human Services came out and said there were security lapses where employees there could plug in some unauthorized USB drives into the computers that could infect it with malware or open it up for theft of some of the private data that's in the system.

SUSTEREN: By malware you mean could put a virus in it or stick their iPod and download all the personal information, right?

EASLEY: That's right.

SUSTEREN: In plain English. So, how many people were potentially exposed by it?

EASLEY: It was six million. I mean, there is no indication that anything was stolen or broken within the web site it exposed about six million beneficiaries.

SUSTEREN: This was last summer it was discovered?

EASLEY: It was in June, yes.

SUSTEREN: Is there any indication that Secretary Sebelius or anyone else in the government thought, let's not put in charge of HealthCare.gov to fix it a company that last summer had security lapses that had six million people at risk for their personal information?

EASLEY: Right, I mean, I think at that point we were so far along in building the sight, they -- site looking at the tech surge.

SUSTEREN: But the tech surge occurred in September. The identification that QSSI has little security situation was last June. I understand they were deep into creating the hub. They were subsequently since October 1st they were the one identified as being the fixers.

EASLEY: Exactly. They have been on as a general contractor since then to fix some of the issues that are going on with the web site. It's just not that they kept them on since June. It's also that they brought them back on as a general contractor.

SUSTEREN: Who is thinking? You have the paper applications being processed with 1.4 billion-dollar contract by a company that's under investigation in Britain for swindling British taxpayers. And now we have a company that's supposed to fix the security and fix this hub and they themselves just three months ago have a security issue. Is anyone in the least bit concerned in the government maybe we ought to do a little hunting and quality background searches to see who we select to fix the stuff?

EASLEY: Right. Well, I mean that's been an issue since Edward Snowden and the NSA who are these contractors getting into our databases it was a focus of Kathleen Sebelius' testimony, you know, last week. They were kind of -- they were going after her on some of the security flaws that they thought might be.

SUSTEREN: I was at that hearing. She didn't say gee we knew QSSI had security issues and there was this huge problem last June. I don't remember her saying that at the hearing. I never remember hearing her despite of the fact they had security flaws last June I decided they would be the good person to fix it?

EASLEY: You are right. They are reacting to these issues as they come up. It doesn't seem as if there is any.

SUSTEREN: It seems so basic to me that you don't hire a company -- there are some companies that you can get let's not get one under investigation for swindling the British or QSSI who had some sort of security lapse last summer. I'm taking the last word on that. Never a dull moment.