House Oversight and Government Reform Committee Chairman Rep. Darrell Issa (R-Calif.) said on Tuesday that he will meet with Health and Human Services Secretary Kathleen Sebelius to discuss security concerns with the healthcare exchange before its launch.
Issa reviewed security documents provided by MITRE, one of the website’s contractors, before accepting a White House offer on Tuesday to meet with Sebelius.
“Of the 28 separate security vulnerabilities identified in the Oct. 11 report, MITRE reported that 19 remained unaddressed,” Issa said. “Among the unaddressed security risks that went live on Oct. 1, MITRE indicated 11 ‘will significantly impact the confidentiality, integrity and/or availability of the system or data…’ if the technical or procedural vulnerability is exploited.”
Issa welcomed a “page-by-page” discussion about the documents released by MITRE and other factors that could impact the confidentiality, integrity or availability of the system with Sebelius.
“While I am withholding sensitive technical details, one security finding summary states, ‘any malicious user having knowledge of this can perform unauthorized functions,'” Issa said. “The summary of another discusses a system weakness that makes a particular type of sensitive information vulnerable…”
Issa also discussed a third document that outlines an issue that HHS was supposed to address before the Oct. 1 system launch that could allow a cyber attacker to view and edit personal information.