The project manager overseeing HealthCare.gov was unaware of an internal government memo warning of a “limitless” cybersecurity risk to the site, according to a CBS News report.
Henry Chao, the Centers for Medicare and Medicaid Services’ (CMS) chief project manager for HealthCare.gov, recently told congressional investigators during a closed-door session that he was unaware of a Sept. 3 internal government memo warning of security vulnerabilities that would leave consumers susceptible to identity theft.
According to excerpts of his closed-door testimony, Chao said, “What I recall is what the team told me, is that there were no high findings.”
He reiterated to investigators that he was both surprised about the memo and that he was aware of the risks the vulnerabilities posed for users.
Former CMS Chief Information Officer Tony Trenkle also did not sign off on security for HealthCare.gov, although he was the official in charge of security for the site.
CMS Administrator Marilyn Tavenner signed off on security, despite — according to a separate CBS report in October — that cybersecurity tests for the exchange were delayed and not completed before HealthCare.gov’s launch on Oct. 1.
John McAfee, the antivirus pioneer and eccentric founder of McAfee, Inc.,also condemned the exchange in early October as “a hacker’s wet dream” that would leave millions of Americans vulnerable to identity theft.