An official with the U.S. Department of Homeland Security's Office of Cybersecurity and Communications revealed at a House committee hearing Wednesday that DHS was aware of roughly 16 reports of cybersecurity threats to Healthcare.gov from the U.S. Department of Health & Human Services.
According to Roberta Stempfley, acting assistant secretary for the DHS office, hackers also tried--unsuccessfully--to organize a "denial of service" attack that ultimately would shut the site down, Reuters reported.
The news comes three months after Senate Republicans, led by Utah's Orrin Hatch, asked the Government Accountability Office to review security and privacy features of the data services hub connecting state health insurance exchanges with federal agencies. In June, 16 Republican lawmakers also raised concerns about the hub in a letter sent to HHS Secretary Kathleen Sebelius.
In their letter, the lawmakers took issue with the fact that HHS missed "several key deadlines" for the implementation of the insurance exchanges. "It remains unclear whether it will be operable and able to protect sensitive health and taxpayer information," they wrote. "[T]he Federal Data Services Hub raises many serious privacy concerns."
One lawmaker who signed the letter--Rep. Diane Black of Tennessee--brought up similar concerns in an opinion piece published in May in U.S. News & World Report. In that piece, she called the potential for abuse of information to be stored on the hub "staggering."
Rep. Michael McCaul (R-Texas), chairman of the Homeland Security Committee, called Healthcare.gov "a goldmine for hackers," adding that Stempfley's revelations were only "the tip of the iceberg."
"All of this information is a tempting target for hackers, identity thieves and other malicious actors," McCaul said in a prepared statement to open the hearing. "Even if a system worked properly, the centralization of so much personal data would create security concerns. But in this case, Healthcare.gov is so flawed those concerns are even greater."