"If you don't take it down, and we do have a major event, or a major issue, I think that the harm of that will be ten times worse than if you were to actually take it down and take care of the site and put it back up and have it work properly," McMillan says.
Since healthcare.gov's much-publicized problems began, critics have pointed consistently to Silicon Valley-powered sites such as Amazon and Google as evidence that large sites can scale securely. And yet, Target's very real recent woes point out that healthcare.gov has no monopoly on bad Web site execution.
I pointed out to McMillan that the many articles we've read about bringing high-tech security experts to the rescue rarely, if ever, mention the real possibility that health insurance companies could themselves be great resources to assist healthcare.gov and address its security and performance issues.
"They stand to benefit from this, right?" McMillan replied. "You would think they would want this to work."
Perhaps, and I have no evidence to support this, governments keep the insurers from lending their help for fear that once insurers get their hands on the code running healthcare.gov, they might try to tilt that code to bestow ever-so-subtle preference to that insurer.