WASHINGTON — Obama administration officials working on the federal health insurance website were unable to tell Congress during a hearing on Wednesday how much it would cost to fix the site.
The administration has spent more than $600 million on the troubled website, HealthCare.gov, and is racing to meet a self-imposed Nov. 30 deadline for repairs. (The Washington Post today, quoting an unidentified federal official, reported that twebsite's software problems are so intractable that the government will not be able to have the site fulling functioning by the deadline.)
Todd Park, Obama’s chief technology adviser; Henry Chao, the chief digital architect of the website; and Steven VanRoekel, the chief information officer for the federal government, could not answer questions about the cost of repairing the site, which has been plagued with scores of software and hardware problems since it opened on Oct. 1.
The questions came from U.S. Rep. John J. Duncan Jr., R-Tenn., at a hearing of the House Committee on Oversight and Government Reform.
Many questions focused on website procedures that required consumers to create password-protected accounts before they could see the exact cost of health plans for which they were eligible.
Chao rebuffed Republican suggestions that the administration had blocked “anonymous shopping” because it feared consumers would be alarmed if they saw the full unsubsidized prices of insurance policies.
In fact, Chao said, federal officials blocked the “anonymous shopping” function because it had failed tests.
“It failed so miserably” that consumers could not use it, Chao said.
The chairman of the oversight committee, Rep. Darrell Issa, R-Calif., denounced the administration’s decision to go forward on Oct. 1.
“This was a monumental mistake to go live and effectively explode on the launchpad,” Issa said. "We are here to examine the failure of technology not because the technology was so new, not because this was a moon shot. We’ve discovered that efforts were taken to cut corners to meet political deadlines at the end.”
He said that “there were material failures in the security of the Obamacare website,” and asserted that “hackers may soon find those vulnerabilities.”
Elijah E. Cummings of Maryland, the senior Democrat on the committee, said the Centers for Medicare and Medicaid Services and its contractors “failed to fully deliver what they were supposed to deliver.” But he said that Republicans were exploiting the problems for political gain.
“They are attempting to use the congressional oversight process to scare Americans away from the website by once again making unsupported assertions about the risk to their personal medical information,” Cummings said.
David A. Powner, director of information technology issues at the Government Accountability Office, an investigative arm of Congress, raised questions Wednesday about whether the Centers for Medicare and Medicaid Services had the capabilities needed to serve as the quarterback for the creation of the website, a complex project involving dozens of contractors.
The agency, he noted, was supposed to coordinate all the software and hardware pieces as the “systems integrator.”
Even while testimony was underway before Issa’s committee, a separate House panel spent the morning questioning another group of senior administration officials about the security of the website. Republicans on the Homeland Security Committee suggested that the confidential personal information of thousands of consumers entered into the federal website each day might be vulnerable to cyberattack because of errors made in building the system.
“We are talking about Social Security numbers, names, addresses, email addresses, health information, which is perhaps the most private of all information, certainly information that no American wants to give a hacker to exploit,” said Rep. Michael McCaul, R-Texas. “I have not had the assurances that it is secure. Imagine a hacker getting their personal info and exploiting it for personal gain.”
Other Republican House members suggested that the so-called navigators program, which hires outside experts to help consumers sign up for insurance, might be vulnerable to fraud, because it did not require background checks on individuals recruited for this work.
“It is possible that a felon may be a navigator,” said Rep. Patrick Meehan, R-Penn. “Shouldn’t there have been guidelines to do security checks on the backgrounds?”
The officials testifying at the hearing were all from the Department of Homeland Security, which was not directly involved in building HealthCare.gov, so they repeatedly told the lawmakers that they could not address their pointed questions or allegations.
“You are asking me a question I could not possibly know the answer to,” Roberta Stempfley, the acting assistant secretary at the Office of Cybersecurity and Communications, said in response to one of many questions about why the Department of Homeland Security had not done more to ensure that the health care site was adequately secure.
Ms. Stempfley did say that Homeland Security officials had been told about reports of 16 cyberattack incidents related to HealthCare.gov, and also one effort to delay or shut down the site, by an outside party that was repeatedly sending the site inquiries.
Ms. Stempfley did not provide details about those incidents, but she described them when asked about possible attempts by outsiders to gain access to personal information of consumers applying for health care coverage. She said the incidents were being investigated.
She also said that the department was working with the federal agency in charge of the health care program to extend Homeland Security computer systems intended to prevent cyberattacks, and was moving to hire a contractor that conducts “continuous diagnostic” services that can detect them.
Rep. Cedric L. Richmond, D-La., said that all of the talk about possible security flaws — even if they were real — was part of a Republican effort to sabotage the health care law.
“I am not defending the launch,” Mr. Richmond said. “The launch was deplorable. What real leadership does is acknowledge it was deplorable and fix it.”
