The ranking Democrat on the House’s chief investigative committee claimed on Wednesday that his Republican counterpart wasn’t doing enough to safeguard subpoenaed contractor documents that detail early security gaps within HealthCare.gov, the Obama administration’s online health insurance marketplace.
Those documents, which Chairman Darrell Issa, R-Calif., says demonstrate the White House hasn’t been honest about the website’s security risks, will form the basis of a House Oversight and Government Reform Committee hearing on Thursday.
There were two occasions during the past week in which some of the subpoenaed documents were left unattended in an unlocked room accessible to the public, according to a letter oversight’s ranking member Elijah Cummings, D-Md., sent to Issa and released to reporters.
In an emailed response to Nextgov, Issa Spokesman Frederick Hill called Cummings’ charges a “false controversy” meant to distract from security concerns the documents raise.
In one of the two instances, he said, the documents remained in one room of the committee’s suite after staff members moved to an adjoining room. In the other instance, he said, Democratic staff members brought the documents into the room and collected them when they left.
“At no point were sensitive documents handled inappropriately,” he said.
Cummings’ letter called on Issa to adopt standard protocols for how the committee will manage the subpoenaed documents, which both sides agree could give hackers a roadmap into HealthCare.gov. Cummings also requested a list of non-government security experts Issa has consulted about the documents.
“If they do not work for the government or any of its contractors, it is unclear what contractual or other restrictions they are under not to disclose this sensitive information further,” he wrote.
Thursday’s hearing will include testimony from Health and Human Services Department security officials but not from outside security experts.
Portions of the documents that Issa has released show contractors and government officials were concerned before launch that HealthCare.gov hadn’t undergone enough security testing and considered advising delaying the its Oct. 1 launch date.
Democrats on the oversight committee say Issa’s claims are overblown and presented out of context.
HealthCare.gov meets federal information security standards and there have been no successful hacks into the site or unauthorized release of citizens’ personal information, according to HHS.
HealthCare.gov was beset with more than 400 software glitches and insufficient storage space when it first launched. The site has been operating smoothly since Dec. 1, but Issa claims security gaps may remain.
Get the Nextgov iPhone app to keep up with government technology news.