In a final surrender to public criticism of the Obamacare website, news stories focused on the appointment of a Kurt DelBene, formally the Microsoft Office lead, to oversee the development of the website. Considering his status in such a large company, odds are, he has a bigger job than helping the CMS folks out with a website that is still broken. Why anyone with this pedigree would agree to a task like that, is beyond me.
A New York Daily news piece quoted the HHS Secretary said his focus would be on increasing system stability, redundancy and capacity, and the user interface. Tacked on the end, like the HHS security has been all along, is a short piece that adds he will continue to "prioritize security and privacy issues."
“Kurt will ... focus on increasing system stability, redundancy and capacity, and building on improvements to the user interface, while continuing to prioritize security and privacy issues,” U.S. Health and Human Services Secretary Kathleen Sebelius said in a blog posting.
http://www.nydailynews.com/news/politics/microsoft-executive-named-oversee-obamacare-website-article-1.1550918#ixzz2npl7bHRI
The kinds of changes that are being made will continue to change the ability to secure this data. Change is usually not a security officer's friend. We are already seeing indications of fraud in user registrations, no doubt started by the mills that create phony Medicare and Medicaid customers and treat them with fictitious doctors, multiple times, until somebody in law enforcement finally takes up the case. There are millions of dollars in fraud that can't seem to be stopped, and this will make those numbers seem small.
Years ago, a risk assessment of the IRS electronic filing system told the CIO the risks to deploy the system were too great and it should be postponed until it could be fixed. At that time, he didn't even want to see the report and did not look at it. In the first year, there was a fraud in Texas that got a few people $8 Million in refunds that they weren't entitled to. That was only one of many. The problem didn't affect the IRS very much, but it did affect tax payers who had "already been paid" for their refund.
The people who accept risk today are accepting risks for data they don't own, don't control, and affect every man, woman and child in the U.S. who pays taxes or receives Social Security. Identity thieves were not even thought about when electronic filing was introduced, but now it is an advanced and sophisticated crime, not fairly portrayed in the movie by the same name. Gangs of good hackers in Eastern Europe are exceptionally good at creating credit cards and bank accounts in somebody else's name. All they need is raw data.
So, while HHS plays games with our data, we will hear about it in a few months, when the bills start coming in. Then, maybe we can get HHS to tell some of the people who had their data stolen that they got hacked. If they know.... Amazon books
No comments:
Post a Comment