The Daily Caller

The Daily Caller
U.S. President Barack Obama makes a point as he delivers remarks at the House Democratic Issues Conference in Lansdowne, Virginia, February 7, 2013. REUTERS/Jonathan Ernst  (UNITED STATES - Tags: POLITICS) - RTR3DGSA U.S. President Barack Obama makes a point as he delivers remarks at the House Democratic Issues Conference in Lansdowne, Virginia, February 7, 2013. REUTERS/Jonathan Ernst (UNITED STATES - Tags: POLITICS) - RTR3DGSA  

Cybersecurity crumbling? 35 Obamacare exchanges labeled ‘high risk’ before launch

Cybersecurity experts warned that 35 state health exchange websites were “high risk” for security breaches before Obamacare launched — and some security flaws were left wide open for months, the Associated Press reports.

Obama administration officials told the AP that the documents reveal a partial and “outdated” view of exchange security. The security problems either resolved or currently being worked on, and no cyberattacks have been successful.

But the documents reveal that getting the health care exchanges launched on the administration’s preferred day may have been higher priority than ensuring data security. (RELATED: Top hacker reveals how he cracked Obamacare site in under 4 minutes)

Federal officials were required to approve the security of state exchange websites before the exchanges could connect to Obamacare’s central data sharing system, the Federal Data Services Hub. The data hub connects seven different federal agencies, including the IRS and Homeland Security, with each state website to share customer information.

But two days before Obamacare launched, Teresa Fryer, chief information security officer at the Obamacare administrator Centers for Medicare and Medicaid Services, said, “the front office is signing [security approvals] whether or not they are a high risk.”

While federal officials said the problems had been taken care of, some exchanges were operational for months before problems were addressed. The document dump revealed that California’s exchange had a security flaw active in its site for four months after its launch, and to add insult to injury, the weakness had been made public.

Tom Schankweiler, the California exchange’s information security officer, wrote just last month that “CMS is now aware of a vulnerability with the CA exchange that has not been fixed and a reference to the weakness is posted in the public domain.”

Covered California denied that any customer information had been accessed and the security flaw has been addressed. CMS officials told the AP that they chose not to cut out the state’s connection to a long list of federal agencies through the data hub because the state was addressing the concern appropriately.

Follow Sarah on Twitter

Content created by The Daily Caller News Foundation is available without charge to any eligible news publisher that can provide a large audience. For licensing opportunities of our original content, please contact licensing@dailycallernewsfoundation.org.