As the second year of ObamaCare enrollment approaches, the focus this time is on the security of information the government requires enrollees to provide.
Rep. Lamar Smith, R-Texas, chairman of the committee with jurisdiction over security of the website, said, "we've had hearings on the subject of the security or lack of security with the ObamaCare website and what we've discovered is that it seems to be easy to be hacked, the security is not secure."
Smith isn't the only one worrying. A security expert noted that the health care website is one of the largest federal collections of personal information ever assembled.
Security analyst David Kennedy, of a company called TrustedSec, explained, "they require first name, last name ... they require your home address, require your social security number, and then payment information" -- including credit card data.
Worries increased when a test site for ObamaCare was hacked on July 8 but not discovered until Aug. 25.
Officials said no information was compromised and that comprehensive testing was now underway.
But just last month, a Government Accountability Office report said, “Until these weaknesses are fully addressed, increased and unnecessary risks remain."
Officials now say they have met 19 of 22 GAO recommendations.
One security specialist, however, warned that hacking of all kinds is rapidly rising.
"We're seeing it on an unprecedented level," said David Kennedy. "I mean attacks this year have gone up 400 percent from the prior year. We see it from China, Russia, you know inside the United States itself, organized crime units ... I mean it's a mess out there right now."
Dan Mendelson of Avalere Health said, "Look, when J.P. Morgan gets hacked, you've got to worry about everything and the fact is that consumers are putting a lot of confidential information onto the site."
Smith had concerns last fall. But in testimony, Todd Park, the former Chief Technology Officer for the administration and assistant to the president, testified last November he knew nothing about security problems.
“I'm not, uh, deeply familiar with, uh, the development testing regimen happened prior to September 1," Park testified.
Smith, however, said he thinks security problems were known but ignored, and is issuing a subpoena for Park to come back and testify again.
"When we found out we weren’t getting all the information from him that we should and it may or may not have been accurate, that's when we decided to issue the subpoena," Smith said.
One security expert noted healthcare.gov is a still a huge ripe target ... and that unlike the private sector, no law requires the federal government to even inform you if your information has been hacked.