In Hours Before Rare Obama News Conference, Healthcare.gov Goes Down Again

Wonderful.

Joanne Peters, a spokeswoman with the Department of Health and Human Services, said the system was deliberately taken down Friday morning due to an error that needed to be fixed. She said it should be up by early afternoon. "Right now HealthCare.gov is queuing consumers," Peters said. "This system is in place while the tech team works on fixing an error that happened during routine maintenance last night. This work started at 10 a.m. and we anticipate this could take two to three hours and that the site will be up and running again soon."

It's so totally fixed.

Before the launch of the site, the head IT guy, Tony Trenkle, refused to sign off on the system's security. So his boss signed it instead, despite the site not being secure. Trenkle then either resigned, or was fired, or some combination of the two.

That happened again with this relaunch. Sharyl Attkisson reports:

Teresa Fryer, the chief information security officer for the Centers for Medicare and Medicaid Services (CMS), revealed the findings when she was interviewed Tuesday behind closed doors by House Oversight Committee officials. The security risks were not previously disclosed to members of Congress or the public. Obama administration officials have firmly insisted there’s no reason for any concern regarding the website’s security.

...

According to federal standards set by the National Institute of Standards and Technology (NIST), the potential impact of a high finding is “the loss of confidentiality, integrity, or availability could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals.”

Details are not being made public for security reasons but Fryer testified that one vulnerability in the system was discovered during testing last week related to an incident reported in November. She says that as a result, the government has shut down functionality in the vulnerable part of the system. Fryer said the other high-risk finding was discovered Monday.

In another security bombshell, Fryer told congressional interviewers that she explicitly recommended denial of the website’s Authority to Operate (ATO), but was overruled by her superiors. The website was rolled out amid warnings Fryer said she gave both verbally and in a briefing that disclosed “high risks” and possible exposure to “attacks”.

Fryer also said that she refused to put her name on a letter recommending a temporary ATO be granted for six months while the issues were sorted out.

"My recommendation was a denial of ATO," Fryer told Democrats and Republicans who sat in on the day-long interview. According to Fryer, she first recommended denying the ATO to CMS chief information officer Tony Trenkle based on the many outstanding security concerns after pre-launch testing.

Speculation: @drewmtips thinks this guess sounds plausible in explaining the current system failure:

I'm not sure about that. This New Illegal Law was just previewed last night. Have insurers even had time to crunch the actuarial numbers to assign a price for such policies?

Drew also expressed doubts about the "planned" nature of the system failure:

Hah. What a dope Drew is. He still thinks there's a thing called a "deadline" which is real.

posted by Ace at 01:06 PM

| Access Comments