ObamaCare project manager not shown memo that describes the security flaws posed “limitless” risk

By 4 Comments 775 views


Oh boy:

Henry Chao, HealthCare.gov’s chief project manager at the Centers for Medicare and Medicaid Services (CMS), gave nine hours of closed-door testimony to the House Oversight Committee in advance of this week’s hearing.

…Chao said he was unaware of a Sept. 3 government memo written by another senior official at CMS. It found two high-risk issues, which are redacted for security reasons. The memo said “the threat and risk potential (to the system) is limitless.” The memo shows CMS gave deadlines of mid-2014 and early 2015 to address them

…It was Chao who recommended it was safe to launch the website Oct. 1. When shown the security risk memo, Chao said, “I just want to say that I haven’t seen this before.”

A Republican staff lawyer asked, “Do you find it surprising that you haven’t seen this before?”

Chao replied, “Yeah … I mean, wouldn’t you be surprised if you were me?” He later added: “It is disturbing. I mean, I don’t deny that this is … a fairly nonstandard way” to proceed.

This proves that it was a complete and utter lie when the HHS said that they believed the site was safe for launch October 1st and that they could just fix it as time went on. This memo said it would take at least 9 months at the earliest to fix “unlimited security threats”.


As it turns out, the memo was written by — ta da — Tony Trenkle, lead tech officer for Healthcare.gov who left last week under mysteriously vague circumstances. As CBS reported, Trenkle himself never signed off on security for the site in September; it was his boss, Marilyn Tavenner, who signed the authorization, supposedly because she thought that a project this big should carry the John Hancock of the head of CMS. Is that the truth, or did Trenkle refuse to sign because he knew the site’s security was a travesty and couldn’t in good conscience authorize launching it? The fact that he wrote such a dire memo about “limitless” risk suggests that he knew the extent of the problem — and yet, if you believe Chao, that information somehow never made its way to the project manager. Why? Why are there so many unorthodox procedures related to approval of the site’s security here? Did Tavenner, at least, see Trenkle’s memo before she authorized the launch or was it withheld from her too? If she did see it, why didn’t she tell Obama and Sebelius that security was too weak to justify rolling it out now?

I assume CMS will try to pin all of this on Trenkle by claiming he didn’t do enough to warn his superiors about how bad things were. And yet the fact remains: He wrote the memo. He wanted someone to see it.

So who is to blame here? Seeing as how the memo found its way to Congress I’m sure it wouldn’t take that much legwork to find out how far up that memo went, and who suppressed it or who ordered it suppressed.

Stay tuned.

Curt served in the Marine Corps for four years and has been a law enforcement officer in Los Angeles for the last 24 years.

4 Responses to “ObamaCare project manager not shown memo that describes the security flaws posed “limitless” risk”

  1. 1


    I just don’t understand any of this. I know this website is for the government, but software development follows a very specific design called the SDLC, systems development life cycle. There are several different styles of management for the SDLC, I personally like Agile, but they are all very detailed. Things like this don’t happen. Software developers have learned from some of the greatest mistakes ever. I’m not saying mistakes don’t happen, but not mistakes like this.
    This is like the 1999 NASA mistake where on division used imperial units of measurement and the other metric. Result……Mars climate observer crashed into the planet.

  2. 2


    More like General Chaos ! I understand that the site is intended to integrate information with SS, HS, IRS and who knows what other government data tank. All of these connections would seem to present a hugely complicated labyrinth of colliding data streams randomly vulnerable to being diverted from the original destination. Obamian Motion so to speak.

  3. 3

    Common Sense

    Strategically Republicans need to call out all the Democrats who voted for Obamacare!! I refuse to believe that every one of them had no clue what a loser this bill was!! Secondly if they did read it and signed the bill it’s even worse!! America needs to recognize what a failure not only Obama is but also how politically driven vs common sense driven Obamacare was!! Remember, this bill was passed with ZERO Republican support!! See election results 2010 and hopefully 2014 will expand this victory and bring to an end this disaster!! Sadly permanent damage has been done!!

  4. 4


    For years the democrats have relied on the propaganda media to go along with ANYTHING the democrats said, and they ALWAYS did. I’m guessing that the propaganda media couldn’t figure out a way to spin the obamacare web site into ANYTHING positive, and I’m also guessing that they have figured out how obamacare is going to effect them, and they don’t like it. They are willing to promote ANYTHING the democrats want them to, except something that will cost them a lot of money, and maybe even them not getting the medical care they need. Keep in mind that they haven’t been exempted from obamacare YET.

Leave a Reply

Your email address will not be published. Required fields are marked *