On Thursday, Stephanie Condon at CBS News reported ("Security chief: HealthCare.gov has passed security testing") that Teresa Fryer, who had recommended against allowing HealthCare.gov going live before its October launch but was overruled, "told Congress ... that the Obamacare website passed security testing in December, and she would recommend that its official Authority to Operate (ATO) be extended when the current ATO expires in March."
On Friday at the Associated Press, aka the Administration's Press, Ricardo Alonso-Zaldivar, in an otherwise keister-covering dispatch apparently designed to show that Health and Human Services Secretary Kathleen Sebelius was really, really unaware of the web site's prelaunch security problems, claimed without qualification that "There have been no successful attacks on the site" — even though by law the government "need never notify customers that their personal information has been hacked or possibly compromised."
Major establishment press outlets ignored Friday's news that "Teresa Fryer, the chief information security officer for the Centers for Medicare and Medicaid Services (CMS) ... explicitly recommended denial of the website’s Authority to Operate (ATO), but was overruled by her superiors." Fryer also "refused to put her name on a letter recommending a temporary ATO be granted for six months" In other words, HealthCare.gov should not have launched.
Brian Fung at the Washington Post's "The Switch" blog didn't consider the idea that HC.gov shouldn't even have gone live the most important story element. While failing to disclose Fryer's no-go recommendation and refusal to go along, he and his post's headline instead obsessed over whether Republican Congressman and House Oversight Committee chair Darrell Issa might "release files" that "could aid hackers." It wouldn't be a surprise to learn that hackers already have them, or at least have figured out how to work with or around them. Excerpts follow the jump (bolds are mine):
Friday morning, CBS News's Sharyl Attkisson reported that Teresa Fryer, the chief information security officer for the Centers for Medicare and Medicaid Services (CMS), "told Congress there have been two, serious high-risk findings since the website’s launch." Further, Fryer "told congressional interviewers that she explicitly recommended denial of the website’s Authority to Operate (ATO)" in late September, "but was overruled by her superiors." Fryer's statements make sworn assertions by HHS Secretary Kathleen Sebelius that "no senior official reporting to me ever advised me that we should delay" at best difficult to believe.
While the press properly devotes attention to serious security breaches at leading retailer Target, the arguably more serious problems at HealthCare.gov continue to get scant attention. Searches on Fryer's name (not in quotes) at the Associated Press, the New York Times, and Politico all return nothing relevant. Excerpts from Attkisson's startling, read-the-whole-thing report follow the jump (bolds are mine):