Possible Belarus connection prompts probe of Healthcare.gov

U.S. intelligence community releases, then withdraws, report about programmers in Belarus doing work on Healthcare.gov

The U.S. Department of Health and Human Services launched a security probe of Healthcare.gov after a U.S. intelligence unit last week warned that portions of the Affordable Care Act website was built by software developers linked to the Belarus government.

The report, compiled by the Director of National Intelligence's Open Source Center, noted that Belarussian programmers may have built some of the software used to move patient information on Healthcare.gov and therefore may have access to data flowing through it, the Washington Free Beacon reported this week.

The software could enable cyberattacks on Healthcare.gov, unnamed government sources told the Free Beacon.

Caitlin Hayden, a spokeswoman for the White House National Security Council, Tuesday confirmed that the intelligence unit had released the report last week. She added that the report has since been recalled, but didn't elaborate.

"Beyond that I would say that immediately upon learning of the now-recalled report, HHS conducted a review to determine whether, in fact, any of the software associated with the Affordable Care Act was written by Belarussian software developers," Hayden said in emailed comments.

"So far HHS has found no indications that any software was developed in Belarus. However, as a matter of due diligence, they will continue to review the supply chain. Supply chain risk is real and it is one of our top concerns in the area of cybersecurity," she said.

Neither the HHS nor the DNI responded to a request for comment on when or why the Open Source Center recalled the report.

A DNI spokesman told Reuters that the unclassified daily update intelligence report was withdrawn because it had failed to meet internal review standards.

The U.S. intelligence report was apparently prompted by comments made by the director of a high-technology company in Minsk last year about the HHS being a client of the company. "Our programmers wrote the program that appears on the monitors in all hospitals and all insurance companies. They will see the full profile of the given patient," the director told Radio Russia, according to Reuters.

An unnamed Obama Administration official, quoted in the Reuters report, expressed doubt that the software described in the intelligence alert would be of any real use to nation state actors.

In comments to the Free Beacon, Michigan Republican Mike Rogers, chairman of the House Intelligence Committee, called for an independent security evaluation of Healthcare.gov.

Rogers told the Free Beacon he is particularly concerned over the intelligence report because the lead contractor of the Healthcare.gov project had testified before Congress about all the work for the network being done in the United States.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His email address is jvijayan@computerworld.com.

Read more about security in Computerworld's Security Topic Center.

Join the CSO newsletter!

Error: Please check your email address.

Tags Gov't Legislation/RegulationregulationsecurityU.S. Department of Health and Human ServicesDepartment of HealthDirector of National Intelligencegovernmentintelwhite houseApp Development

More about Department of HealthNational Security CouncilReuters AustraliaTopic

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jaikumar Vijayan

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts