[Congressional Record (Bound Edition), Volume 159 (2013), Part 12]
[House]
[Pages 18101-18102]
[From the U.S. Government Publishing Office, www.gpo.gov]




            WWW.HEALTHCARE.GOV WEB SITE CYBERSECURITY ISSUES

  The SPEAKER pro tempore. The Chair recognizes the gentleman from 
Alabama (Mr. Brooks) for 5 minutes.
  Mr. BROOKS of Alabama. Mr. Speaker, the Science, Space, and 
Technology Committee recently held a hearing on www.healthcare.gov 
cybersecurity threats. Our bipartisan expert witness panel included Dr. 
Frederick Chang, a computer science professor at SMU; Dr. Aviel Rubin, 
a computer science professor at Johns Hopkins University; David 
Kennedy, formerly chief security officer of Diebold Incorporated and 
currently the principal security consultant for TrustedSec; and Morgan 
Wright, formerly with Cisco security and now CEO of Crowd Sourced 
Investigations.
  Now, I am not a cybersecurity expert, but I can read the words of 
those who are. The SST committee's hearing charter informs members 
that, in order to fully use www.healthcare.gov, American citizens must 
input or verify highly personal information, such as: date of birth and 
Social Security numbers for all family members, household salary, debt 
information, credit card information, place of employment, home 
addresses, and the like, information that is a treasure trove for 
cybercriminals and identity thieves.
  Further, the ObamaCare Web site interacts with the IRS and Social 
Security Administration databases, thereby exposing Americans to even 
greater risk of theft of their most private personal information. In 
their written testimony, these experts warn the following about the 
www.healthcare.gov Web site:
  ``There are clear indicators that even basic security was not built 
into the www.healthcare.gov Web site.''
  ``The vast amount of www.healthcare.gov code also means applying 
industry standard security practices is a task that can have no real 
chance of success.''
  www.healthcare.gov ``creates massive opportunity for fraud, scams, 
deceptive trade practices, identity theft, and more.''
  Mr. Speaker, these threats to American family finances prompted me to 
ask the panel of cybersecurity experts whether, under ObamaCare, 
Americans could seek compensation from the Federal Government for 
financial losses caused by their use of www.healthcare.gov. In reply, 
not one expert--not one--indicated ObamaCare

[[Page 18102]]

requires the Federal Government to compensate American citizens for 
cybersecurity financial losses caused by their forced use of the 
www.healthcare.gov Web site.
  If these experts are right, and if you are an American citizen who 
obeys ObamaCare dictates, and you suffer from identity theft or other 
financial losses, the White House response is essentially, Tough luck; 
you are on your own. Well, that is unsatisfactory and insufferable.
  I next asked the bipartisan panel of experts, ``Given 
www.healthcare.gov security issues and assuming for the moment that you 
would be personally responsible for all damages incurred, if any, from 
your advice, would any of you advise an American citizen to use this 
Web site as the security issues now exist?'' Their bipartisan response 
was a stunning and unanimous, No; do not use the Web site because the 
security risks associated with www.healthcare.gov are simply too great.
  Mr. Speaker, the ObamaCare Web site, www.healthcare.gov, is the 
mother lode for identity theft, Internet fraud, and other criminal 
activity.
  For emphasis, Mr. Speaker, a bipartisan panel of cybersecurity 
experts publicly warns that the www.healthcare.gov cybersecurity threat 
is so great that no one should use it. Based on their expert advice, I 
concur and encourage all Americans to avoid www.healthcare.gov, the 
ObamaCare Web site, in any way, shape, or form, until its cybersecurity 
risks are fixed.

                          ____________________