Obamacare Website's Biggest Security Threat May Be Darrell Issa

WASHINGTON -- House Republicans are kicking off the year with more votes on Obamacare bills, this time pushing a measure they say will help protect people from security breaches of HealthCare.gov.

But there is some irony in their latest whack at the Affordable Care Act. The GOP bill set for a Friday vote would require the Health and Human Services secretary to tell people if their private data was compromised in a security breach, but, as laid out in a Democratic committee memo issued Thursday, HHS is already required to do that, and there haven't been any successful breaches thus far anyway. Not only does the bill target a nonexistent problem, but the most credible threat to the website's security may be the loudest critic of the website's security: Rep. Darrell Issa (R-Calif.), chairman of the House Oversight and Government Reform Committee.

HealthCare.gov could clearly be compromised if, say, sensitive documents were leaked to the public that included software code or other technical information that provided hackers with a road map for vulnerabilities in the site. Such documents currently reside with Issa, who obtained them last month -- unredacted -- after subpoenaing them from MITRE Corporation, the federal contractor overseeing security of the website.

Throughout the subpoena process, MITRE officials warned Issa in three separate letters that the documents could result in "irreparable harm" to the website's security if they end up in the wrong hands, even with redactions. They offered to let him come into MITRE's offices and view redacted versions of them. Beyond that, White House Counsel Kathryn Ruemmler sent Issa a letter warning that disclosures could increase risks to all IT systems across the federal government. Top House Democrats, meanwhile, pressed for a classified briefing with administration cyber security officials to assess the risks posed by a potential leak of those documents.

But Issa insisted on getting the unredacted versions, and on Dec. 17, he posted excerpts from them online in a letter to HHS Secretary Kathleen Sebelius in which he raised concerns with the website's security.

The move drew a harsh response from Rep. Elijah Cummings (D-Md.), ranking member on the House Oversight and Government Reform Committee. He blasted Issa for being "reckless" with sensitive data.

"Chairman Issa's letter cherry-picks from the documents, mischaracterizes the status of the website, and appears inconsistent with the House Parliamentarian's longstanding interpretation and guidance relating to Committee documents," Cummings said in a statement. "The Chairman's actions are a reckless and transparent attempt to frighten Americans away from the Heathcare.gov website and deny them health insurance to which they are entitled."

It remains to be seen if Issa will release more excerpts from the documents, but he's got quite a track record of leaking sensitive information. In Oct. 2012, he compromised the identity of Libyans working with the U.S. by posting 166 pages of sensitive State Department cables online. He leaked a document in May 2011 that was covered by a court-ordered seal, he released sensitive information in July 2011 about security breaches at U.S. airports and in June 2012, he revealed information from court-sealed wiretaps while speaking on the House floor.

An Issa spokeswoman did not respond to a request for comment.

Michael Steel, a spokesman for House Speaker John Boehner (R-Ohio), defended Issa's efforts to investigate government programs.

"The Speaker, and the American people, know that Chairman Issa and his team have provided serious, fact-based oversight on a range of issues, including the 'train wreck' of Obamacare," Steel said.



Lies And Distortions Of The Health Care Debate