Initial cybersecurity risk assessments of state systems linking to federal computers to help enroll people for coverage under the new health care law found widespread risks. These assessments by the federal Health and Human Services department were provided by the House Oversight and Government Reform Committee. The Obama administration says they represent "outdated" snapshots and that security issues were either resolved or are being addressed. States need approval to connect to federal computer systems. States with high-risk issues can be approved if they are tackling the problems.

Initial cybersecurity risk assessments of state systems linking to federal computers to help enroll people for coverage under the new health care law found widespread risks. These assessments by the federal Health and Human Services department were provided by the House Oversight and Government Reform Committee. The Obama administration says they represent "outdated" snapshots and that security issues were either resolved or are being addressed. States need approval to connect to federal computer systems. States with high-risk issues can be approved if they are tackling the problems.

The potential impact of security flaws is rated high if a breach could have a severe or catastrophic impact on organizational operations, organizational assets, or individuals; moderate if the consequences would be serious, and low if the adverse effects would be limited. No information was provided for Delaware and New Jersey.

StateDate of AssessmentRisk LevelAlabama9/25/2013HighAlaska9/24/2013HighArizona*9/20/2013HighArkansas9/29/2013ModerateCalifornia9/25/2013ModerateColorado (Medicaid)9/29/2013HighColorado (Exchange)9/29/2013HighConnecticut9/16/2013HighDC9/26/2013HighFlorida9/29/2013HighGeorgia1/29/2014HighHawaii9/28/2013HighIdaho9/24/2013HighIllinois9/28/2013HighIndiana9/29/2013HighIowa9/24/2013HighKansas12/26/2013HighKentucky9/13/2013Approval recommendedLouisiana9/29/2013HighMaine10/3/2013HighMaryland9/24/2013ModerateMassachusetts9/24/2013ModerateMichigan9/26/2013ModerateMinnesota9/28/2013HighMississippi9/27/2013ModerateMissouri10/8/2013HighMontana9/27/2013ModerateNebraska9/29/2013HighNevada9/24/2013HighNew Hampshire9/24/2013HighNew Mexico9/29/2013HighNew York9/20/2013Approval recommendedNorth Carolina9/29/2013HighNorth Dakota12/16/2013HighOhio9/29/2013ModerateOklahoma10/15/2013ModerateOregon9/27/2013HighPennsylvania9/28/2013HighRhode Island9/20/2013HighSouth Carolina9/24/2013HighSouth Dakota9/29/2013HighTennessee11/8/2013HighTexas10/3/2013HighUtah1/29/2014LowVermont9/20/2014Approval recommendedVirginia9/29/2014HighWashington9/20/2014Approval recommendedWest Virginia10/3/2013HighWisconsin9/29/2013HighWyoming9/29/2013High

(asterisk)Approval was recommended for Arizona because the state had a mitigation plan.

Source: U.S. House Committee on Oversight & Government Reform