Republicans in Congress have used potential security shortcomings in the Healthcare.gov website to advocate for the repeal of the Affordable Care Act, but Congressman Darrell Issa (R-CA) may be the site’s biggest security concern.
Issa — the Chairman of the House Oversight and Reform Committee — has issued a subpoena of documents that, if made public, could leave the Healthcare.gov website and its visitors vulnerable to hackers. The subpoena calls for the MITRE Corporation, which conducted security reviews of the website for the Department of Health and Human Services (HHS), to turn over documents that include code and security breaches. MITRE has resisted the subpoena, warning in letters to Issa that handing over physical copies would compromise their “obligation to protect sensitive information which could pose a threat to the confidentiality of personal citizens’ information if disclosed.”
HHS has also refused to turn over the sensitive documents to the Chairman, citing their lack of trust that Issa will keep secure documents that could give a “roadmap” to hackers attempting to infiltrate the system. In an October hearing on the consular attack in Benghazi, Chairman Issa leaked the names of Libyans working with the United States, putting their lives at risk. The congressman also presided over a TSA hearing in 2011 that resulted in the release of documents that publicly exposed airport security breaches.
Issa and his staffers have already seen the documents in question, after MITRE produced unredacted copies for committee staff to review, but not keep. The committee’s Ranking Member, Elijah Cummings (D-MD), questioned the necessity of risking another leak by demanding physical copies. “The Committee has already obtained the information at issue,” Cummings wrote in a letter to the Chairman urging him to drop the subpoena. “Both Republican and Democratic Committee staff have reviewed these documents in their full unredacted form, and HHS has offered to make them available for review by all Members of the Committee at their convenience.”
If the Chairman is successful in obtaining the sensitive documents, Cummings has insisted that the Chairman “abide by the House Rules and not release these documents to anyone who is not a Member of the Committee or a member of its staff until the Committee has an opportunity to vote on their appropriate handling.”