And still others tried to re-post it word-for-word but screwed up.

"We have since reviewed the supporting documentation and verified CMS's remediation."

<a href="[insert url here]">[insert display text here]</a>

AP posted this story this morning titled " Audit finds slipshod cybersecurity at HealthCare.gov ," criticizing security vulnerabilities in the system used to administer the federal Obamacare exchanges. Every media outlet under the sun re-posted it word-for-word:You won't find the source in the AP story or any of the copy cats, but it is about this audit by the HHS Inspector General's office published (in redacted form) on 21 September 2015. (By the way, the report is exactly 4 pages long and half of that was just the title so I don't know why it took AP 3 days to cover it.)Except, the audit did not find "slipshod" security at HealthCare.gov.There was something screwy about all this coverage because the AP published a piece that, while not verbatim, was nearly identical to this one back in September 2014. By an accident involving a local news affiliate, Charles Gaba from the esteemed acasignups.net pointed me to the previous story here . That prompted me to chase down the HHS Inspector General's audit , no thanks to AP who failed to properly source their article. 1 It turns out that the audit actually had the opposite to say about HealthCare.gov: security there is great.The report released on 21 September 2015 was the formal writeup of an audit that the HHS Inspector General's office had conducted from August through December in 2014. In other words, this is theaudit as the AP covered in it's previous story in September 2014, and that's why the two AP stories are identical--they are literally talking about the exact same audit. The first AP story was based on a preliminary report produced by the HHS Inspector General's office about the preliminary findings in their security audit of MIDAS, a database system that HealthCare.gov and insurers use to store users' information to allow them to buy insurance through the HealthCare.gov interface. The new story is based on the formal write up of the audit (which is short because the actual technical details of the vulnerabilities were redacted to avoid giving hackers any ideas) conducted a year ago.But here's the thing. The main reason for this new report is in fact to say that all of the security vulnerabilities have been fixed to the satisfaction of the HHS Inspector General's security team. The final line of the report:In otherwords, the point of the new report is to say that cybersecurity at HealthCare.gov is now excellent. That's the onlyhere. But none of the News is covering it that way. 1. See what I did there, AP? It's called a hyperlink. It turns out that when you are writing about a thing on the internet, you can "link" to that thing and then users can click it and be redirected to that thing. You do this by typing what's called an "anchor tag" into the HTML code, which looks like this.You should try it sometime.