Republicans this week plan to put yet another criticism of the Affordable Care Act front-and-center on the House floor. It is another political weapon, but if treated seriously, this one could lead to useful reform.

Republicans have claimed that HealthCare.gov and the systems behind it may not be secure enough to keep Americans’ personally identifying data safe. They’ve selectively released evidence collected through their oversight efforts to make it seem as though the site has major vulnerabilities. In response, Democrats presented selective evidence of their own.

The Department of Health and Human Services, meanwhile, reported that “no person or group has maliciously accessed personally identifiable information from the site.” The agency also said the site is fully compliant with federal security standards.

That’s presumably true, but those standards could use some upgrading. HealthCare.gov no doubt has some vulnerabilities, as do many other sites. Data breaches of well-protected systems containing sensitive information indicate that HealthCare.gov would hardly be unique in this regard.

The House Republicans’ bill would require the government to notify victims of any illegal security breach in the ACA’s systems within two business days. If that makes sense for HealthCare.gov, though, why not require the same of other sensitive federal systems, too?