Possible Belarus Connection Prompts Probe of Healthcare.gov
The U.S. Department of Health and Human Services launched a security probe of Healthcare.gov after a U.S. intelligence unit last week warned that portions of the Affordable Care Act website was built by software developers linked to the Belarus government.
Wed, February 05, 2014
Computerworld — The U.S. Department of Health and Human Services launched a security probe of Healthcare.gov after a U.S. intelligence unit last week warned that portions of the Affordable Care Act website was built by software developers linked to the Belarus government.
The report, compiled by the Director of National Intelligence's Open Source Center, noted that Belarussian programmers may have built some of the software used to move patient information on Healthcare.gov and therefore may have access to data flowing through it, the Washington Free Beacon reported this week.
The software could enable cyberattacks on Healthcare.gov, unnamed government sources told the Free Beacon.
Caitlin Hayden, a spokeswoman for the White House National Security Council, Tuesday confirmed that the intelligence unit had released the report last week. She added that the report has since been recalled, but didn't elaborate.
"Beyond that I would say that immediately upon learning of the now-recalled report, HHS conducted a review to determine whether, in fact, any of the software associated with the Affordable Care Act was written by Belarussian software developers," Hayden said in emailed comments.
"So far HHS has found no indications that any software was developed in Belarus. However, as a matter of due diligence, they will continue to review the supply chain. Supply chain risk is real and it is one of our top concerns in the area of cybersecurity," she said.
Neither the HHS nor the DNI responded to a request for comment on when or why the Open Source Center recalled the report.
A DNI spokesman told Reuters that the unclassified daily update intelligence report was withdrawn because it had failed to meet internal review standards.
The U.S. intelligence report was apparently prompted by comments made by the director of a high-technology company in Minsk last year about the HHS being a client of the company. "Our programmers wrote the program that appears on the monitors in all hospitals and all insurance companies. They will see the full profile of the given patient," the director told Radio Russia, according to Reuters.
An unnamed Obama Administration official, quoted in the Reuters report, expressed doubt that the software described in the intelligence alert would be of any real use to nation state actors.
In comments to the Free Beacon, Michigan Republican Mike Rogers, chairman of the House Intelligence Committee, called for an independent security evaluation of Healthcare.gov.
Rogers told the Free Beacon he is particularly concerned over the intelligence report because the lead contractor of the Healthcare.gov project had testified before Congress about all the work for the network being done in the United States.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His email address is email@example.com.
Read more about security in Computerworld's Security Topic Center.