Just one day after Department of Health and Human Services Secretary Kathleen Sebelius was grilled by the House Energy and Commerce committee, new reports point to even more healthcare.gov problems: security holes and incorrect doctor information. 

Healthcare.gov's biggest security hole to date was discovered by a good samaritan security researcher, not anyone working for the administration. As CNN outlined on Tuesday, anyone with bad intentions and a basic understanding of website code could have guessed a username and tricked the site into providing that user's email. Googling and social media research could have then provided the answers to security questions.

That security hole was fixed on October 25, over three weeks after the exchange site opened. The administration might have caught that if they had been able to run a proper security check, but according to a September 27 memo sent to the Department of Health and Human Services, and obtained by various media outlets on Wednesday, the system was not fully tested, "exposing a level of uncertainty that can be deemed high risk." Contractors recommended setting up a security team to check the site daily. At Wednesday's hearing, Sebelius said user information was safe. 

But even if healthcare.gov is safe, that doesn't mean it's accurate. Several exchanges don't let shoppers see potential doctors, but the ones that do tend to have bad doctor information, listing "wrong specialties, addresses and language skills, and no indication whether providers are accepting new patients," The Wall Street Journal reported last night. The good news for the exchanges is that their excuse — the insurers, who provide the lists, often have out-of-date information — holds water. The bad news is that people still expect the exchanges to provide accurate information. 

Doctors are also worried that the incorrect information might mislead shoppers and make it seem that plans have wider doctor networks than they actually do. On the flip side some doctors might not know they've been moved into a new network. Contracts between insurers and physicians allow the former to add doctors to the provider networks of new plans. In California, insurers are allowed to force contracted doctors to join any network the insurer provides. "Come January, some practices could find they have a lot of new patients coming through their doors at less than break-even rates," Brett Johnson, the California Medical Association's associate director, told The Journal. While security issues are relatively easy to solve, getting doctors to join low cost plans may require a more creative solution.