recommended reading

House Passes New Security Requirements for

Eric Gay/AP

The House voted by a substantial margin on Friday to impose stringent new security standards on

The vote would require the Health and Human Services Department to notify consumers within two business days if their personal information was hacked on the online health insurance marketplace. It comes following Republican claims that security on the site is more lax than the Obama administration admits and follows numerous earlier votes to repeal or pare back Obamacare.

The vote on the bill was 291 in favor and 122 opposed. Sixty-seven Democrats voted yes.

The bill was introduced on Tuesday by Rep. Joe Pitts, R-Pa., and debated and passed on the House floor three days later. As with previous anti-Obamacare measures, the bill, known as the Health Exchange Security and Transparency Act, is highly unlikely to pass the Senate and be signed by the president.

The White House slammed the proposed law on Thursday, saying it “would impose an administratively burdensome reporting requirement that is less effective than existing industry standards and those already in place for federal agencies.”

Health and Human Services officials have said meets the government’s information security standards and that there have been no successful breaches of people’s personal information on the site to date.

House investigators, led by Oversight and Government Reform Committee Chairman Rep. Darrell Issa, R-Calif., claim the Obama administration ignored numerous red flags in the rush to meet their Oct. 1 deadline for to go live, including a recommendation from the Centers for Medicare and Medicaid Services Chief Information Security Officer Teresa Fryer that the launch be delayed.

House Democrats claim Fryer’s warnings are taken out of context and the security risks on the website are overblown.

Both sets of claims are based on documents from contractors and government officials that have not been released publicly out of fear they could give hackers a “road map” into was nearly un-usable after its Oct. 1, 2013 launch due to about 400 coding glitches and insufficient storage space. The online marketplace has functioned at an acceptable level since Dec. 1 but analysts worry the early troubles may have made consumers wary of the site and could prevent the government from reaching its enrollment goal of 7 million people by the end of March.

If too few people enroll in the marketplace, that could increase risk and raise premiums to unaffordable levels. Concerns about security risks on the website could further depress enrollment.

Get the Nextgov iPhone app to keep up with government technology news.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.


When you download a report, your information may be shared with the underwriters of that document.