Slashdot Mirror


ACA Health Exchange Contractors Have History of Security Failures

Lucas123 writes "Two of the contractors involved in developing online health insurance exchanges under the Affordable Care Act, which have been plagued by technical problems since launching this month, have had serious data security issues in the past. Quality Software Services developed the software for the Affordable Care Act's data services hub and oversaw development of tools to connect the hub to the databases of other federal agencies. Last June, an audit report by the Health and Human Services Inspector General found QSS failed to adhere to federal security standards (PDF) in delivering IT testing services for the Centers for Medicare & Medicaid Services. Additionally, services firm Serco suffered a major security breach in 2012. Serco won a five-year $1.3 billion contract to process and verify paper applications for health insurance via the online exchanges. Serco's breach exposed sensitive data of more than 123,000 members of the Thrift Savings Plan, a $313 billion retirement plan run by the U.S. Federal Retirement Thrift Investment Board. The exposed data included full names, addresses, Social Security Numbers, financial account information, and bank routing information."


  1. Open Source It by ZeroSerenity · · Score: 3, Interesting
    --
    For those who seek perfection there can be no rest on this side of the grave.
  2. Re:Stop using contractors by ZombieBraintrust · · Score: 4, Interesting

    the biggest contractor, CGI Federal, was awarded its $94 million contract in December 2011. But the government was so slow in issuing specifications that the firm did not start writing software code until this spring. As late as the last week of September, officials were still changing features of the Web site.

    If there is no specification then you're going to get a crap product. If they started in Spring then there is no way they finished in time to do several months of testing, bug fixing, and regression testing.

  3. Re:This is pathetic. by phantomfive · · Score: 3, Interesting

    On the other hand, how the fuck did we end up with this crap? You cannot roll out a project to millions of users this quickly and without adequate load testing.

    They did adequate load testing. The testing results said the site would fail under load. They released it anyway. The flaws are there, but they were not in the testing.

    --
    "First they came for the slanderers and i said nothing."