The Health and Human Services inspector general’s office detected slipshod practices in HelathCare.gov, according to Fox News.
Here are seven takeaways:
1. The auditors found the government was storing sensitive personal information of millions of health insurance customers in a computer system that had basic security flaws.
2. The Obama administration claimed it acted immediately to fix the problems, but many are still concerned about the government's negligence at a time when data breaches are at an all time high.
3. MIDAS is the $110 million system used as the central electronic storehouse for information collected by the government. The system has names, Social Security numbers, birth dates, addresses, phone numbers, passport numbers, employment status and financial account of customers on HealthCare.gov and state insurance marketplaces. CMS operates MIDAS.
4. Auditors found 135 database vulnerabilities. Almost two dozen of these vulnerabilities were classified as either potentially severe or catastrophic.
5. Ten million people are covered through HealthCare.gov and state marketplaces that offer taxpayer-subsidized private policies. Additionally, MIDAS keeps information of many other Americans including former customers.
6. The Obama administration officials told Congress and the public individuals the information would be primarily used to determine eligibility for coverage and the government was planning on storing the minimum amount of personal data possible. Officials said this before HealthCare.gov launched in 2013.
7. Andy Slavitt, CMS’s administrator, composed a written response to the auditors saying, "The privacy and security and security of consumers' personally identifiable information are a top priority." CMS is conducting weekly vulnerability assessment of MIDAS as well as an annual security review.