WASHINGTON — An internal government memo obtained by The Associated Press shows administration officials were concerned that a lack of testing posed a "high" security risk for President Barack Obama's new health insurance website.
The Sept. 27 memo to Medicare chief Marylin Tavenner said a website contractor wasn't able to test all the security controls in one complete version of the system.
Insufficient testing "exposed a level of uncertainty that can be deemed as a high risk," the memo said.
The memo recommended setting up a security team to address risks, conduct daily tests, and a full security test within two to three months of going live.
At a congressional hearing, Health and Human Services Secretary Kathleen Sebelius said the site's security certification is temporary, but asserted consumers' personal information is secure.