Security? We Don't Need No Stinking Security!

[Duaine]

Data Security for Obamacare Exchanges 'Months Behind' Schedule:

The missed deadlines have pushed the government's decision on whether information technology security is up to snuff to exactly one day before that crucial date, the Department of Health and Human Services' inspector general said in a report.

As a result, experts say, the exchanges might open with security flaws or, possibly but less likely, be delayed.

The report, released without fanfare last Friday, found that the Centers for Medicare & Medicaid Services or CMS - the agency within HHS that is running Obamacare - had set a May 13 deadline for its contractor to deliver a plan to test the security of the crucial information technology component.

A test was to have been performed between June 3 and 7. But the delivery deadline slipped and the test - assessing firewalls and other security elements - is now set for this week and next.


Data Security for Obamacare Exchanges 'Months Behind' Schedule | The Weekly Standard

 

[RayNY]

As someone with extensive computer knowledge, I feel correct in saying this:

Their in-house testing doesn't represent even 1% of what thousands of creative hackers can come up with.

Anyone remember SONY getting customer credit card info hacked, and then being DDoS attacked to cover it up, shutting them down for over 3 months? That was a group of less than 5 adolescents. Imagine what a few thousand adults can manage...

Hell, we even had one of our carriers hacked, they issued brokers free years of LifeLock because so much crucial info was stolen. The "hub" they built is like throwing a garage door into the back of Fort Knox and hoping no one decides to drive through. Now 7 or so major government institutions have garage doors to their info.

 

[stuy119]

Remember how many security questions were on the certification? Be prepared, folks - we're going to get blamed when information is stolen, not the feds, in spite of their shoddy security.

 

[Yagents]

This dog may not have wings after all

Government Official: Obamacare Privacy Protections Months Behind Schedule | Wall St. Cheat Sheet

“Several critical tasks remain to be completed in a short period of time,” noted Deputy Inspector General Gloria Jarmon in an August report on the status of the implementation of the exchanges. “If there are additional delays in completing the security authorization,” the chief information officer at the Centers for Medicare and Medicaid Services may not have the required “security controls needed for the security authorization decision” to open the exchanges in October.

According to Jarmon, the Centers for Medicare and Medicaid Services has delayed key deadlines by about two months. In March, CMS estimated that it would take 51 days — from July 15 to September 4 — to review the final Security Control Assessment report and make the final security authorization decision, steps that must be completed for the exchanges to open. Now, CMS is planning to squeeze that process into just 10 days.

 

[somarco]

Makes you wonder what kind of training and accountability the navigators will have.

Not really.

Just messin' wit ya.

ACORN (and their sequel) will have unfettered access to all kinds of records. Just gives me warm fuzzies.

 

[bluediamond]

Look at it this way Duaine and how well HIPPA and privacy works or does it? PHI is given out every day.

NSA is spying on all of us anyway and know's when I have to take a leak. Hacker's seem to be able to hack the pentagon. Might as well let her rip and let's get this thing going.