8:54 AM, Dec 9, 2013 • By JERYL BIER
Concerns have increased over the security of personal information collected by the Department of Health and Human Services (HHS) as the volume of personal data has multiplied dramatically with the implementation of Obamacare. Security experts have testified before Congress about flaws they have uncovered at Healthcare.gov, and various press reports have related other potential problems with the website or with information flowing to the Federal Services Data Hub that could be exploited by hackers and identify thieves. An HHS document dated December 5 describing a more than 500 percent increase in the monitoring of cyber threat indicators since April 2013 may only increase those concerns.
The document states that the agency's Computer Security Incidents Response Center (CSIRC) has experienced more than a five-fold increase in the number of "indicators" monitored by the center in just the last eight months alone. To cope with the potential threats from this vast increase in data, HHS intends to negotiate a sole-source contract to Cyber Squared, an Arlington, Virginia, cyber security firm after allowing less than four days (including a weekend) for responses from other interested firms, and even explicitly states that HHS is not soliciting competitive quotations. HHS describes the apparently urgent need for upgraded threat monitoring as follows:
In the past eight months the number of indicators monitored by the CSIRC has grown well over 500 percent. With the inclusion of the federal Healthcare Threat Operations Center (HTOC) information sharing data from HHS CSO, VA-Network Security Operations Center (VA-NSOC), and the Space and Naval Warfare NSOC for Medical Health Systems (SPAWAR NSOC (MHS), the ability to analyze and correlate this much data requires the use of Threat Connect to be effective and efficient in combating cyber threats. This capability will allow for the joint collection and tracking of internally and externally derived indicators more efficiently as well as facilitate the analysis and correlation of a threat.
Some of the terminology used in this document raises questions about the scope of the monitoring. For instance, although the document references the "Healthcare Threat Operations Center (HTOC)", the federal government's 2013 Information Sharing Services annual report to Congress makes no mention of the HTOC among the five Federal Cybersecurity Centers, nor is there any other reference to a "Healthcare Threat Operations Center" on the HHS website or any other government website. References to each of the other potential data sources can be found on various government websites and documents.
The notice regarding ThreatConnect was posted by HHS at 3:42 PM on Thursday, December 5, and stated that responses would be needed by 8:00 a.m., Monday, December 9. The documentation accompanying the notice does not explicitly mention the Affordable Care Act or Healthcare.gov, but emails sent Thursday to the listed contracting officer and the HHS press office requesting clarification have not been returned.
10:14 AM, Nov 27, 2013 • By JERYL BIER
The Internal Revenue Service is conducting a pilot program allowing IRS employees to use personal smart phones to access government email accounts and other work related information. The program is known as Bring Your Own Device (BYOD), and the Treasury Inspector General for Tax Administration (TIGTA) has raised concerns about the security and cost-effectiveness of the program in a recent report:
10:25 AM, Nov 25, 2013 • By JERYL BIER
The terrorist attack against the U.S. diplomatic post in Benghazi, Libya on September 11, 2012, awakened renewed interest in the security of overseas consulates and embassy facilities. A recent report by the State Department's Office of the Inspector General spotlights some major concerns regarding the safety of American diplomats and staff in Minsk, Belarus, as well as the security of communications. The report notes that some progress has been made during the last year, but more remains to be done.
12:01 PM, Nov 6, 2013 • By DANIEL HALPER
Health and Human Services secretary Kathleen Sebelius said today that Obamacare navigators don't need to undergo criminal background checks:
6:14 PM, Oct 17, 2013 • By DANIEL HALPER
The president will "nominate former Pentagon attorney Jeh Johnson as the next secretary of homeland security," USA Today reports.
1:23 PM, Oct 4, 2013 • By JERYL BIER
A portion of the website of the Substance Abuse and Mental Health Services Administration (SAMHSA) was apparently hacked as long as two months ago. SAMHSA is an agency of the Department of Health and Human Services (HHS). HHS also runs the new Obamacare insurance marketplace, Healthcare.gov.
9:05 AM, Sep 14, 2013 • By JEFFREY H. ANDERSON
With Obamacare’s massive Patient Data Hub poised to open soon, a sloppy mistake by an Obamacare employee hasn’t exactly inspired confidence that Americans’ private information will be closely guarded by Obamacare’s powers-that-be. As the Minneapolis Star Tribune reports (and Andrew Johnson
Plus, the law's privacy problems haven't disappeared.2:42 PM, Sep 12, 2013 • By MICHAEL WARREN
As the October 1 implementation of parts of Obamacare nears, House Republicans continue to pass legislation aimed at highlighting the health care law's flaws and weaknesses. On Thursday, the House passed a bill to reform an Obamacare verification process that would better stop fraudulent claims to health insurance subsidies. Politico reports:
7:21 AM, Aug 23, 2013 • By DANIEL HALPER
President Barack Obama defended the NSA surveillance program in an interview with CNN's Chris Cuomo this morning.
On the NSA surveillance program, Cuomo asked, "Are you confident that you know everything that's going on within that agency and that you can say to the American people, 'It's all done the right way'?"
Photocopier purchased by CBS, previously leased by Affinity, had personal health information on up to 344,579 individuals.8:31 AM, Aug 15, 2013 • By JERYL BIER
As questions remain about the security of the Federal Services Data Hub to be used in conjunction with the Obamacare marketplaces beginning October 1, the Department of Health and Human Services (HHS) has agreed to a settlement with the not-for-profit Affinity Health Plans, Inc., for the company's "potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules." The case stemmed from a photocopier purchased by CBS News and previously leased by Affinity that still contained sensitive personal health information on up to 344,579 individuals:
1:07 PM, Aug 5, 2013 • By JERYL BIER
Details of President Obama's West coast trip this week, information usually reserved for pre-screened media outlets, were apparently inadvertently posted on the White House website for about 24 hours this weekend before being abruptly removed without comment on Monday morning.
3:03 PM, Aug 1, 2013 • By DANIEL HALPER
The United States will "close an unspecified number of embassies around the world" because of "security concerns," AFP reports. The closures will take place on Sunday.
The wire service adds:
'Misconduct by Transportation Security Administration workers has increased more than 26%'8:14 AM, Jul 31, 2013 • By GEOFFREY NORMAN
Seems the Transportation Security Administration has a problem. In short, many of the people who frisk you, paw through your luggage, and herd you like cattle through the lines at the airport are stealing on the job. Among other derelictions. And the problem, as CNN reports, is growing:
12:32 PM, Jul 15, 2013 • By JERYL BIER
Nine months after the terror attacks at a U.S. diplomatic post in Benghazi, Libya, an audit of five "selected high threat level posts" of the State Department by the Office of the Inspector General (OIG) reveals cause for concern. The report found that the facilities in question failed to comply with current security standards and that "common physical and procedural security deficiencies" were found [emphasis added]:
3:25 PM, Jun 28, 2013 • By DANIEL HALPER
At the Radisson Blu in Dakar, Senegal, President Obama tried to get reporters to write about issues he believes are important. "[M]illet and maize and fertilizer doesn’t always make for sexy copy, but I very much hope that all the press who were in attendance today generate a story about this," Obama told the press.
The remarks came after a Food Security Expo in the African nation.