Judicial Watch today released 944 pages of Department of Health and Human Services (HHS) records showing that the Obamacare website was launched despite serious concerns by its security testing contractor, Mitre Corporation, as well as internal executive-level apprehension about security.
The documents reveal that Mitre recommended a “Denial Authorization to Operate” in the month prior to Obamacare’s launch, noting that it could not adequately test the confidentiality and integrity of the system. It said that complete end-to-end testing of the system never occurred. Miter found that 11 “moderate” security findings and eight “low” findings remained open as September 19, 2013 – 12 days before the launch.
And an unsigned “Authorization to Operate” prepared just five days before Obamacare’s launch, indicates that the site’s “validation contractor” was “unable to adequately test the confidentiality and integrity of the [Federally Facilitated Marketplace] system in full.” That contractor, Blue Canopy, noted that they were able to access data “that should not be publically accessible.”
. . .
Judicial Watch today released over 1,000 pages of new documents that show federal health care officials knew that the Obamacare website, when it launched in 2013, did not have the required “authorization to operate” from agency information security officials. These documents, obtained from the U.S. Department of Health and Human Services, come in two productions of records: a 143-page production and an 886-page production. The email records reveal that HHS officials had significant concerns about the security of the Healthcare.gov site leading up to its October 1, 2013, launch.