At a House hearing Wednesday, Roberta Stempfley, acting assistant secretary of the Office of Cybersecurity and Communications at the Department of Homeland Security, tells committee members that there have been about 16 attempted cyber attacks on the HealthCare.gov website.
A top Homeland Security Department official testified Wednesday that there have been approximately 16 cyberattacks on the HealthCare.gov website and one "denial of service" attack that was unsuccessful.
The testimony by Roberta Stempfley, acting assistant secretary of homeland security's Office of Cybersecurity and Communications, was the first public acknowledgement by an administration official that there have been any cyberattacks on the Obamacare website.
As recently as Friday, a DHS spokesman said the department had no information about cyberattacks on the health care website.
On Wednesday, another department official admitted there had been “confusion” over statements on the issue, but added, “None of these incidents were considered significant. There have not been any reports … of any successful attacks on the HeathCare.gov website to date.”
The official noted, as a comparison, that DHS had recorded “approximately 228,700 cyber incidents” during the last fiscal year, “an average of more than 620 per day, involving federal agencies, critical infrastructure, and the department’s industry partners."
Stempfley, during her testimony, said the cyberattacks took place between Nov. 6 and Nov. 8 and were under investigation. She also said some information about cyber intrusions had come from “threat information provided to us from intelligence sources.”
Stempfley offered no other details about the attacks in response to questions by Rep. Mike McCaul, R-Texas, chairman of the House Homeland Security committee. Republicans have sought to make an issue about potential security vulnerabilities of the health insurance website at the center of President Barack Obama’s signature Affordable Care Act.
At Wednesday’s hearing, they cited a Sept. 3, 2013, memo from Henry Trinkle, then the chief information officer for the website, granting an “authorization to operate” the health care system’s federal exchange marketplace, which maintains personal information records of consumers enrolling for insurance. The approval was predicated on additional security fixes after the Oct. 1 launch date. The Trinkle memo, which is heavily redacted in part, states that if some of those fixes are not made by next May, “the threat and risk potential is limitless.”
Noting the large amount of personal information that will be entered by consumers applying for health insurance on the site -- including Social Security numbers, addresses and income information -- McCaul said in his opening statement: "All of this information is a tempting target for hackers, identity thieves and other malicious actors. We already have reported cases of hacks, fraudulent websites and documented security vulnerabilities in the system."
Obama administration officials have repeatedly denied there are security issues related to the health care website. In a recent statement to NBC News, Jo Anne Peters, press secretary to Health and Human Services Secretary Kathleen Sebelius, said that consumers “can trust that the information they’re providing is protected by stringent security standards and that the technology underlying the application process has been tested and is secure.”
More from NBC News Investigations:
- GAO: $1 billion TSA behavioral screening program 'slightly better than chance'
- Former US Marine led kidnap gang, Mexican authorities say
- Air National Guard drone crashes into Lake Ontario, military says
Read and vote on readers' story tips and suggested topics for investigation or submit your own.