Slashdot Mirror


ACA Health Exchange Contractors Have History of Security Failures

Lucas123 writes "Two of the contractors involved in developing online health insurance exchanges under the Affordable Care Act, which have been plagued by technical problems since launching this month, have had serious data security issues in the past. Quality Software Services developed the software for the Affordable Care Act's data services hub and oversaw development of tools to connect the hub to the databases of other federal agencies. Last June, an audit report by the Health and Human Services Inspector General found QSS failed to adhere to federal security standards (PDF) in delivering IT testing services for the Centers for Medicare & Medicaid Services. Additionally, services firm Serco suffered a major security breach in 2012. Serco won a five-year $1.3 billion contract to process and verify paper applications for health insurance via the online exchanges. Serco's breach exposed sensitive data of more than 123,000 members of the Thrift Savings Plan, a $313 billion retirement plan run by the U.S. Federal Retirement Thrift Investment Board. The exposed data included full names, addresses, Social Security Numbers, financial account information, and bank routing information."

3 of 144 comments

  1. Fifty-five contractors by Dachannien · Score: 5, Insightful

    Just the fact that there were 55 different contractors working on healthcare.gov is reason enough to suspect that major security flaws crept in.

    The fact that the website was opened before any appreciable amount of testing was done is reason enough to suspect that most of those flaws are still undiscovered and uncorrected.

    The government's project managers didn't even come up with a full specification for the largest contractor until this past Spring, with the expectation that everything would be done and ready for business on 1 October. It's a total clusterfuck, the true scope of which likely won't be discovered for several months.

    http://www.newyorker.com/online/blogs/elements/2013/10/why-the-healthcaregov-train-wreck-happened-in-slow-motion.html

  2. Re:Isn't this universal? by smooth+wombat · Score: 5, Insightful

    and Spanish speaking Americans are one of the key groups of the uninsured.

    Then maybe they should learn to speak English instead of expecting the entire country to bend over backwards for them. The same goes for the various Asian folks as well.

    It's all well and good to speak two languages, but you shouldn't expect people to accommodate you because you're too lazy. If I emigrated to Vietnam, should I expect them to bend over backwards for me because I didn't learn their language? They'd laugh at me day and night if I told them they need to go out of their way to post everything in English.

    But I guess it's easier to find a technical solution to a human problem than it is to fix the human problem.

    --
    We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower

  3. Re:A few problems with that list... by bzipitidoo · Score: 5, Insightful

    I've done some work as a government contractor. It's messy. They demand that you account for every hour. If you are working on 3 different projects, you have to fill out a timesheet in which you detail which hours of every day you spent on each of those 3 projects. This sort of thing misses the point that it's results that count, not hours.

    They are keenly aware of the public perception of them as bungling bureaucrats. Consequently, they can be extremely pushy and demanding. Often they bear down so hard that it is counterproductive.

    They're also paranoid control freaks. They want contractors to work on computer systems that are under their control. Instead of working on your own equipment in your own offices, they'll insist you use their facilities. Then they provide antiquated, slow computers with ancient versions of Windows, and take weeks to get around to details like installing a phone line. There are also a ton of rules. They'll want you to pay for a cell phone, but they don't want your cell phone to have any privacy. You basically need permission to sneeze, and more permission to wipe your nose. Want to encrypt a hard drive? Maybe just keep a few encrypted files on a hard drive? Can't do that without authorization.

    It takes a good contractor to stop them from hamstringing a project with red tape. You have to trample upon all sorts of rules to get anything done, and you need a smooth management team to keep the bureaucrats from worrying about violations. They will overlook all kinds of petty violations as long as there are good results. Let a project falter though, and the piranhas come out.

    --
    Intellectual Property is a monopolistic, selfish, and defective concept. It is "tyranny over the mind of man"