By Jim Finkle and Caren Bohan
(Reuters) – Republicans opened a second front in their political battle against President Barack Obama’s healthcare program on Tuesday, with a coordinated effort to convince Americans not only that its main enrollment website is broken but that personal data is vulnerable to theft.
In a Republican-sponsored hearing in the U.S. House of Representatives, three security experts said HealthCare.gov has security flaws that put user data at risk despite government assurances.
“There are actual, live vulnerabilities on the site now,” David Kennedy, head of computer security consulting firm TrustedSec LLC, said in remarks before testifying on the topic “Is My Data on HealthCare.gov Secure?”
In a rapid “yes” or “no” question and answer session, Republican Representative Chris Collins of New York asked the experts about the security of the site:
“Do any of you think today that the site is secure?”
The answer was a unanimous “no.”
“Would you recommend today that this site be shut down until it is?”
Kennedy, Morgan Wright, CEO of Crowd Sourced Investigations and Fred Chang, cybersecurity chair at Southern Methodist University said “yes.”
Avi Rubin, director of the Information Security Institute at Johns Hopkins University, said he would need more information.
The White House said privacy and security of consumers personal information on the website is protected.
Separately, Republican House Majority Leader Eric Cantor told reporters that “individuals who are going on to the HealthCare.gov website are beginning to fear that perhaps their identity will be stolen.”
Henry Chao, the top technology official responsible for the site, assured lawmakers that the site was secure.
At the same time, however, Chao surprised a panel of the House Energy and Commerce Committee by stating that his team has not yet completed development of a payment system for consumers who ultimately purchase insurance through the health care marketplaces set up under the Affordable Care Act, which was passed in 2010.
“There’s the back office systems, the accounting systems, the payment systems – they still need to be built,” Chao said.
No one has to pay now for the insurance policies they are buying on the website because coverage under the law is not set to begin until January 1.
But with the malfunctioning site fresh in their minds, members of the panel seemed taken aback to hear that a crucial component of the program remained incomplete with just a month and a half remaining before coverage begins.
The website is an online exchange that allows consumers to shop for insurance plans under the law, which mandated that Americans have health insurance and created new marketplaces to buy and sell policies.
The site has been bedeviled by technical glitches since it opened for enrollment on October 1, although Obama administration officials have said they are making progress with repairs.
Getting millions of Americans to sign up, particularly young and healthy consumers, is critical to the program’s financial viability.
HealthCare.gov collects data including the names, birth dates, social security numbers, email addresses and healthcare information about its users that criminals could use to engage in a wide variety of scams.
The site lets people know invalid user names when logging in, allowing hackers to identify user IDs for the site, according to the report prepared for Tuesday’s hearing by Kennedy. It also describes more technical bugs that could lead to attacks.
The rollout of Obama’s signature domestic policy has hurt the popularity of the initiative, but the decline has been fairly modest, a Reuters/Ipsos poll showed on Monday.
Forty-one percent of Americans expressed support for the 2010 law popularly known as Obamacare in a survey conducted from Thursday to Monday. That was down 3 percentage points from a Reuters/Ipsos poll taken from September 27 to October 1.
Opposition to the healthcare law stood at 59 percent in the latest poll, versus 56 percent in the earlier survey.
(Reporting by Jim Finkle in Boston and Alina Selyukh in Washington; Editing by Fred Barbash, Ross Colvin and Grant McCool)