Print

Congresswoman Jenkins Sends Letter Requesting Review Of Healthcare.gov Security

4/22/2014

Last week, Congresswoman Lynn Jenkins (KS-02) and seven of her House colleagues sent a letter to Department of Health & Human Services, Internal Revenue Service, Department of Homeland Security, and Department of Treasury to address concerns regarding the security of healthcare.gov. In light of the recent news from the Heartbleed programming flaw and the Administration asking Americans to change their passwords on healthcare.gov, Congresswoman Jenkins released the following statement:

“Since the first launch of the federal healthcare exchange, I have been greatly concerned about the security and vulnerabilities of healthcare.gov. My colleagues and I request that the Administration immediately conduct a review of all open source components used to build healthcare.gov and replace the website flaw with a more secure system. The millions of Americans who are simply trying to comply with the law deserve the absolute best protection when releasing their personal information into a “hackers dream.”

Items to note:

  • The company which built healthcare.gov has a history of using open-source code with weaknesses that could lead to a data breach. The letter asked the four agencies to review their use of open-source components and immediately replace any open-source components that have known vulnerabilities with the secure version.  The recent Heartbleed exploit is a direct result of vulnerable open source components. 

o   Since NIST has published a list of components with vulnerabilities, it is a relatively inexpensive matter to switch the components which have known vulnerabilities, to the version of the same component, that has no vulnerabilities. 

  • As you know, Healthcare.gov has been flagged as possibly being vulnerable to the Heartbleed programming flaw, which could allow hackers to access users’ private personal information.

o   TheAssociated Press noted, “People who have accounts on the enrollment website for President Barack Obama's signature health care law are being told to change their passwords following an administration-wide review of the government's vulnerability to the confounding Heartbleed Internet security flaw.”

  • Joining Congresswoman Jenkins in sending the letter were, Rep. Diane Black (TN-06), Rep. Dan Benishek (MI-01), Rep. Kerry Bentivolio (MI-11), Rep. Tom Marino (PA-10), Rep. Stephen Fincher (TN-08), Rep. Mike Conaway (TX-11), and Rep. Bill Cassidy (LA-06).

# # #

Healthcare.Gov Site Security Letter (04/23/14 10:18 AM PST)