HealthCare.gov Passes Critical Security Tests

Nearly three months after its launch, HealthCare.gov underwent end-to-end security testing and passed with flying colors, the top cybersecurity official overseeing the website told Congress today.

Teresa Fryer, the chief information security officer for the Centers for Medicare and Medicaid Services, told the House Oversight Committee that results from the tests have alleviated her earlier concerns about risks of cyberattacks and theft of consumers' personal information.

"This security control assessment met all industry standards, was an end-to-end test and was conducted in a stable environment that allowed for testing to be completed in the allotted time," Fryer told the panel. The assessment was completed Dec. 18, she said.

Fryer had expressed opposition to launching the site on Oct. 1 without proper security testing, but the administration proceeded with the launch against her advice. She also revealed in testimony last month that several "high-findings" of security risk had been flagged and resolved during intermediate testing in November and December.

Fryer told lawmakers today there have been no successful attacks on the website since Oct. 1, and that mitigation strategies to limit risks to cybersecurity have been effective.

"The protections that we have put in place have successfully prevented attacks," she said. "There have been no successful security attacks on the FFM [federal marketplace], and no person or group has maliciously accessed personally identifiable information.

"I would recommend that [HealthCare.gov] be given a new authority to operate when the current authority expires in March," Fryer told the committee.