HealthCare.gov took off without a test-flight, memo says

security risks220When Boeing builds an airplane, several parts are constructed separately — the engines, the fuselage, the landing gear.  While these parts go through manufacturers’ testing, when they are finally assembled into a completed aircraft, Boeing flies the thing to make sure it’s airworthy. (Airbus does this too)

It sure sounds like HealthCare.gov took off without a similar test flight.

A memo leaked to journalists on Wednesday showed that developers expressed concern that the various parts of HealthCare.gov were not tested together before the site launched. While the components were tested separately, “there are inherent risks with not having all code tested in a single environment,” the memo, which was addressed to Medicate chief Marilyn Tavenner, said.

Also, because so much of the site’s code was in flux right until the deadline, some components couldn’t be sufficiently tested.

“The system requires rapid development and release of hot-fixes and patches so it is not always available or stable during the duration of testing,” the memo reads.

This doesn’t mean hackers have stolen data from HealthCare.gov, or even that the site is insecure; it means security experts haven’t certified the site’s safety, and that best practices were not followed.

Plenty of developers are familiar with such fly-by-the-seat-of-their pants processes.  HealthCare.gov is not the first site to launch before it was ready for prime time.  But the memo seems to confirm speculation that there wasn’t nearly enough time devoted to testing before the website launched. Given its importance to Obamacare, and the importance of information consumers are being asked to share with the site, that’s a mistake.

When I used to edit small, severely understaffed newspapers, as the press deadline drew close and I knew we were working to fast, I would often say, “I can feel the mistakes and typos. I can’t see them, there’s no time, but I can feel them.”  That’s how security professionals often feel in these situations.  Sadly, Oct. 1 was an artificial deadline, and it didn’t have to work this way.

 

 

About Bob Sullivan 1381 Articles
BOB SULLIVAN is a veteran journalist and the author of four books, including the 2008 New York Times Best-Seller, Gotcha Capitalism, and the 2010 New York Times Best Seller, Stop Getting Ripped Off! His latest, The Plateau Effect, was published in 2013, and as a paperback, called Getting Unstuck in 2014. He has won the Society of Professional Journalists prestigious Public Service award, a Peabody award, and The Consumer Federation of America Betty Furness award, and been given Consumer Action’s Consumer Excellence Award.

Be the first to comment

Leave a Reply

Your email address will not be published.


*


This site uses Akismet to reduce spam. Learn how your comment data is processed.