House chairman calls for more HealthCare.gov scrutiny

House Science Committee Chairman Lamar Smith (R-Texas) on Thursday called for the Government Accountability Office to expand its study of the security risks at HealthCare.gov.

The Texas Republican accused the Obama administration of trying to “cut corners that have put the personal data of millions of Americans at risk” in developing the site.

{mosads}“In addition to the website’s initial security failings, many Americans now worry about how the Heartbleed bug may compound the risk of financial or medical identity theft for those forced by the government to create Healthcare.gov accounts,” he wrote to the GAO on Thursday, referring to the site’s recent request for people to change their passwords because of the bug.

The “Heartbleed” glitch in the common OpenSSL encryption technology affected hundreds of thousands of sites across the Internet, including giants like Google and Facebook. Though the bug existed online for about two years without notice, so far it has not been reported to have been used in any major cyberattacks.

The GAO is already conducting an audit of the website’s security and privacy, but Smith said in his letter that it also needs to examine the source code, developer supply chain and other issues in a more comprehensive way.

“The American people deserve a thorough audit of the website to ensure that their personal data, including birth dates, social security numbers and household incomes, is secured,” he wrote.

“This is one of the largest undertakings by the federal government in our nation’s history—and the stakes are high to ensure that the website is secure.”

HealthCare.gov has been a headache for the Obama administration since its bumpy rollout in October.

A tech surge got the site on the right footing, but Republican lawmakers have kept up the pressure since then, worrying that mismanagement with the site’s rollout could be a sign of broader security flaws.