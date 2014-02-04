(Adds comments from contractors in paragraphs 4-6)
By Mark Hosenball
WASHINGTON Feb 4 U.S. health officials have
investigated whether some of the software used in computers at
the heart of President Barack Obama's healthcare reform was
written in Belarus, but have found no evidence of that being the
case, a White House official said on Tuesday.
A report of the probe, first published by the conservative
Washington Free Beacon website late Monday, was seized on by
Republicans who are campaigning to scuttle the reforms and say
the website HealthCare.gov remains vulnerable to hackers four
months after its botched roll-out on Oct. 1.
Caitlin Hayden, a spokeswoman for Obama's National Security
Council, said investigators for the Department of Health and
Human Services had "found no indications that any software was
developed in Belarus."
The main contractor for the HealthCare.gov project, CGI
Federal, said: "At no time during its work on HealthCare.gov did
CGI subcontract any work to any entity or persons from Belarus,
specifically from the high-technology park in Minsk."
It added in a statement: "All of CGI's work for
HealthCare.gov was performed in the United States."
QSSI, a unit of health insurer UnitedHealth Group
which took over late last year to oversee repairs to the faulty
website, declined to comment.
The site is the web portal to a 36-state federal health
insurance marketplace which offers private insurance with
federally subsidized rates for some consumers.
Hayden confirmed that a U.S. intelligence agency had
recently issued, then retracted, a report related to possible
involvement by a Belarus company in writing the software.
Intelligence officials said she was referring to a U.S.
security agency's report on an interview in which a Belarusian
appeared to claim that elements of the Obamacare website had
been written by his organization.
In the interview with Radio Russia dated June 25, 2013,
Valery Tsepkalo, director of the government-backed
High-Technology Park (HTP) in Minsk, said: "One of our clients
is the health ministry of the United States - we are being paid
to help Obama with the healthcare reform."
However it was unclear from the interview exactly what work
the company was doing and what U.S. entity it was working with.
"NO SECURITY ATTACKS"
The Centers for Medicaid and Medicare Services, a section of
the HHS which oversees much of the healthcare reform law, issued
a statement that did not directly address the possibility that
HealthCare.gov software may have been written in Belarus.
"To date, there have been no successful security attacks on
HealthCare.gov and no person or group has maliciously accessed
personally identifiable information from the site," the
statement said.
It said the site complied with federal rules and that
independent security contractors found no problems when they
completed a "Security Control Assessment" in December.
David Kennedy, chief executive of the cybersecurity firm
TrustedSecLLC, who has testified at Congressional hearings on
the security of HealthCare.gov, said on Tuesday that engaging a
company in a country closely allied with Russia would raise
concern.
He said such a country may be pressured to build "back
doors" in the infrastructure of a U.S. government site like
HealthCare.gov, which could potentially give hackers linked to
the Russian government a way to access U.S. government computer
systems.
Obamacare, formally called the Affordable Care Act, was
passed in 2010. Although many reforms are already in effect as
part of the act, the biggest change, which is meant to extend
medical insurance to millions of Americans, is being rolled out
this year.
The Free Beacon website said U.S. intelligence officials
had specifically warned that "programmers in Belarus, a former
Soviet republic closely allied with Russia, were suspected of
inserting malicious code that could be used for cyber attacks."
The Free Beacon quoted one anonymous official alleging that,
"The U.S. Affordable Care Act software was written in part in
Belarus by software developers under state control, and that
makes the software a potential target for cyber attacks."
U.S. Director of National Intelligence James Clapper said he
had no knowledge of the withdrawn intelligence report about
Belarus when asked about it during a congressional hearing.
Clapper's spokesman Shawn Turner said in an email that it
was "an Open Source Center daily update that was recalled
because it failed to meet internal requirements for
classification review."
A U.S. official said that intelligence officials had not
wanted to circulate widely a summary based on uncorroborated
media reporting which could cause serious concerns without being
confident of its validity.
The report was marked, "Unclassified/For Official Use Only,"
according to a separate U.S. official who saw it, who asked not
to be named.
(Reporting by Mark Hosenball, David Morgan and Roberta Rampton
in Washington, Sharon Begley and Caroline Humer in New York, Jim
Finkle in Boston and Douglas Busvine in Moscow; Writing by David
Storey; Editing by Meredith Mazzilli and Andrew Hay)