The real security threat.
Once again demonstrating how concerned they are with the unemployment benefits crisis and creating jobs, the Republican House
voted Friday morning to require the Department of Health and Human Services to notify affected users of any potential breach on a state or federal exchange within two business days. No, that doesn't have anything to do with jobs.
It also doesn't really have anything to do with reality. There have been no security breaches on HealthCare.gov. None. The site includes "several layers" of protection, according to Chief Information Security Officer at the Centers for Medicare and Medicaid Services, Teresa Fryer. The threat of massive data breaches seems pretty small. Unless, of course, a vindictive Republican congressman leaks sensitive information that he has access to.
[T]he most credible threat to the website's security may be the loudest critic of the website's security: Rep. Darrell Issa (R-Calif.), chairman of the House Oversight and Government Reform Committee.
HealthCare.gov could clearly be compromised if, say, sensitive documents were leaked to the public that included software code or other technical information that provided hackers with a road map for vulnerabilities in the site. Such documents currently reside with Issa, who obtained them last month—unredacted—after subpoenaing them from MITRE Corporation, the federal contractor overseeing security of the website.
Throughout the subpoena process, MITRE officials warned Issa in three separate letters that the documents could result in "irreparable harm" to the website's security if they end up in the wrong hands, even with redactions. They offered to let him come into MITRE's offices and view redacted versions of them. Beyond that, White House Counsel Kathryn Ruemmler sent Issa a letter warning that disclosures could increase risks to all IT systems across the federal government. Top House Democrats, meanwhile, pressed for a classified briefing with administration cyber security officials to assess the risks posed by a potential leak of those documents.
The administration and House Democrats have good reason not to trust Issa, considering one of Issa's hobbies is cherrypicking sensitive and classified information he has access to and sharing that selective information with the media. Issa insisted on getting the unredacted information from MITRE, and has already posted some of the information
online in a letter he sent to Secretary Sebelius.
Issa could actually create the security threat that doesn't currently exist, something Republicans clearly want to have to continue to keep Obamcare a political issue. He's certainly proven, time and time again, that he's not above doing something like that.