NPR logo
Add Security To The List Of Tech Issues
  • Download
  • <iframe src="" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript
Add Security To The List Of Tech Issues

All Tech Considered


And now you can add security to the long list of problems plaguing - the enrollment site for the new health insurance exchanges.

As NPR's Elise Hu reports.

ELISE HU, BYLINE: How safe is the data you enter on That's a question on the minds of some lawmakers, like Michigan Republican Mike Rogers.

REPRESENTATIVE MIKE ROGERS: Has each piece of that code that's been introduced into the system been security tested?

HU: The memo leaked to the AP and The Washington Post shows an audit raised an unspecified high-risk security concern before the health care marketplace opened. But officials signed off on a temporary certificate to operate anyway. Rogers criticized Health and Human Services Secretary Kathleen Sebelius for that decision during a Wednesday hearing.

ROGERS: You accepted a risk of every user of this computer that put their personal financial information at risk.

HU: The personal information going into include birthdate, Social Security number, and an estimated income range. Sebelius says her team was OK with the temporary go-ahead because additional security controls were in place.

Waylon Krush is the head of Lunar Line, a cybersecurity firm that does work with dozens of federal government agencies.

WAYLON KRUSH: They get to make those decisions and those tradeoffs.

HU: He says HHS - which administers Medicare and Medicaid - actually has a lot of experience with data security.

KRUSH: They process, store, manage, review a lot more sensitive data than what, you know, your general citizen is going to put on, so I would say, from a risk perspective, it's pretty low, actually,

HU: But the agency's technological credibility is dwindling as programmers rush to fix ongoing issues with the error-riddled system. Now, programmers have to make sure they don't introduce new security risks with each patch. Again, Sebelius.

SECRETARY KATHLEEN SEBELIUS: I know they're doing simultaneous testing as new code is loaded.

HU: Krush says this attention on security presents a good reminder for all of us.

KRUSH: Everyone should always ask those questions whether it's commercial or government, how are you protecting my data?

HU: An important question, as more and more pieces of our lives exist online.

Elise Hu, NPR News, Washington.

Copyright © 2013 NPR. All rights reserved. Visit our website terms of use and permissions pages at for further information.

NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.



Please keep your community civil. All comments must follow the Community rules and terms of use, and will be moderated prior to posting. NPR reserves the right to use the comments we receive, in whole or in part, and to use the commenter's name and location, in any medium. See also the Terms of Use, Privacy Policy and Community FAQ.