CMS says winner of $67M cyber contract was most qualified

It seems my story on the recent cybersecurity award from the Centers for Medicaid and Medicare Services ruffled a few feathers.

CMS officials were unhappy with the way my source portrayed the $67.6 million contract award, especially around the source’s belief that the award appeared to go to the lowest bidder.

CMS responded to my questions, so in the interest of balanced reporting, here is what they said.

CMS said it rated the winning vendor Iron Vine’s “experience and technical merit — and overall quote“ at the highest levels.

Advertisement

“The request for quotes (RFQ) stated that CMS would select a company that would provide CMS the greatest confidence that it will best meet or exceed the requirements at a fair and reasonable price,” the CMS spokesman said.

CMS said the $67.6 million price tag also was consistent with the other two current contracts that this new contract is replacing.

“CMS looks forward to working with Iron Vine on providing comprehensive cybersecurity support to CMS systems, including marketplace-related systems,” the spokesman said. “CMS used a competitive General Services Administration Schedule Program procurement, which provides a simplified process for obtaining commercial supplies and services. Iron Vine was rated first in technical expertise among all the quoters, and received the highest overall rating for the non-price portion of its quote. Cybersecurity is a top priority for CMS and this new action includes a three-month transition period with current contractors to ensure that our systems have the highest level of protections.”

CMS says there were 11 bids for the one-year base contract with four one-year options.

Sources say the transition is expected to start later this month so a three-month period would extend into open enrollment for Healthcare.gov.

Return to the Reporter’s Notebook