McMillan is also chief executive officer of Cynergistek, a security audit and risk assessment firm in Austin, TX. He contends that the American public would be safer with healthcare.gov being taken down for however long is necessary to ensure that not just the hub, but the spokes—the state-associated exchanges plus the databases of the seven participating federal agencies undergo a thorough security assessment.
"There's just a tremendous amount of information about you as an individual in databases that quite frankly, in terms of access, is unprecedented, with this health insurance exchange," McMillan told me in November.
McMillan argues that insider abuse is a huge risk, and he's concerned that operatives in any of these agencies could use the rapidly accumulating information to commit identity theft. But the political cost of taking the site down is one of the big reasons that, HHS refuses to unplug it for an extended period of time.
Where McMillan and I fundamentally disagree is in his contention that the well-documented cases of consumers being unable to log on to healthcare.gov are grounds for an immediate takedown of the site.