Skip Navigation

Close and don't show again.

Your browser is out of date.

You may not get the full experience here on National Journal.

Please upgrade your browser to any of the following supported browsers:

CMS Memo Warned of Security Threat Before Obamacare Site Launch CMS Memo Warned of Security Threat Before Obamacare Site Launch

This ad will end in seconds
Close X

Want access to this content? Learn More »

Forget Your Password?

Don't have an account? Register »

Reveal Navigation


CMS Memo Warned of Security Threat Before Obamacare Site Launch


Tavenner(Photo by Chip Somodevilla/Getty Images)

An internal Centers for Medicare and Medicaid Services memo from three days before the launch of warned of a potential security threat, NPR reports.

"From a security perspective, the aspects of the system that were not tested due to the ongoing development, exposed a level of uncertainty that can be deemed as high risk for FFM [Federally Facilitated Marketplace]," said the Sept. 27 memo.


The memo was issued by CMS IT officials James Kerr and Henry Chao, and signed by CMS Administrator Marilyn Tavenner. 

The agency decided to go ahead with the Oct. 1 launch despite the risks, and it created a dedicated security team to monitor the risk. Tavenner said in a House Ways and Means hearing Tuesday that she believed the website was ready on Oct. 1, although she acknowledged there would be some glitches to work out.

At a House Energy and Commerce meeting Wednesday, Health and Human Services Secretary Kathleen Sebelius said temporary approval was given because there was a security risk "mitigation" plan.


The memo was provided in response to a request from the House Oversight Committee, CNN says. Committee Chairman Darrell Issa, R-Calif., has been launching an investigation into the launch of, and who in the administration knew of issues beforehand, and what is involved in the "tech surge" to fix the site.

Potential privacy and security issues have been a large talking point for Republicans against the online federal exchange. 

"You accepted a risk on behalf of every person that used this computer that put their personal and financial information at risk because you did not even have the most basic 'end-to-end' test on security of this system," Rep. Mike Rogers, R-Mich., said to Sebelius. "Amazon would never do this. ProFlowers would never do this. Kayak would never do this." 

comments powered by Disqus