Remember when I reported on the Heartbleed vulnerabilities in the Obamacare website? This is sort of like that. The White House has been constantly working to fix any security vulnerabilities in Healthcare.gov. The IRS? That's a different story. I'll explain.
Thanks to Obamacare, insurance companies must submit information about net premiums to the IRS every year. That includes net premiums earned. Additionally, drug companies have to submit certain sales information as it relates to federal funding. Based on that info, the IRS will collect taxes and fees from those companies. But now we know the system the IRS is using to do this is severely flawed.
The Fiscal Times reports:
The Treasury Inspector General for Tax Administration recently examined a new computer application, called the ACA Information Returns system and known as AIR, that processes these returns. The IG's heavily redacted 44-page report, released Tuesday, suggests, specifically, the agency neglected to check source code for bugs and fix security vulnerabilities.
Just to be clear, these security vulnerabilities don't have anything to do with the insurance exchanges. If you sign up for healthcare on state or federal marketplaces, these security vulnerabilities don't affect you directly. But they do sound pretty severe, according to the audit report:
"These security control weaknesses could impact the AIR system’s ability to reliably process the electronic form reports and to accurately determine the applicable fees."
That means that companies could be overcharged or undercharged, or important tax information could be leaked to the Web. There's no telling how that could blow back against ordinary Americans, but it definitely won't help anybody. Thankfully, it seems like the IRS is working to fix the problem.
The audit outlines how to fix 23 of the 25 issues. The other two were blacked out. It's encouraging to know that the flaws will be addressed, but it's scary how much of the report is blacked out. Whenever the government hides information from the public, it's almost always really bad.