The U.S. Health and Human Services Department’s (HHS) computer system suffered a cyberattack Sunday night, Bloomberg reported Monday. Federal officials have yet to confirm the source of the hack.
Three people with knowledge of the incident told the news outlet that the attack was aimed at slowing down the agency’s electronic systems during a critical time in its response to the COVID-19 coronavirus.
According to the report, a Sunday night tweet from the National Security Council’s (NSC) official Twitter account was intended to dispel the release of disinformation circulating as a direct result of the cyberattack.
“Text message rumors of a national #quarantine are FAKE. There is no national lockdown. @CDCgov has and will continue to post the latest guidance on #COVID19,” the NSC tweeted just before midnight on Sunday.
— NSC (@WHNSC) March 16, 2020
Per the report, it is assumed that a “hostile foreign actor” was behind this:
The tweet was in part meant to address the hacking, which involved multiple incidents. Secretary of State Michael Pompeo and other Trump administration officials are aware of the incident, one of the people said.
It doesn’t appear that the hackers took any data from the systems, one of the people said. Administration officials assume that it was a hostile foreign actor, but there is no definitive proof at this time.
Based on the report, it appears the hack, which involved “overloading the HHS servers with millions of hits over several hours” was a distributed denial-of-service (DDoS) attack.
A DDoS attack is a malicious effort to disrupt normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic, usually utilizing multiple compromised computer systems. The attacks are analogous to a sudden traffic-jam that shuts down a highly traveled road.
One of the sources told Bloomberg that head of the National Security Agency and U.S. Cyber Command Paul Nakasone is leading the investigation into the source of the attack.
Marty Puranik, a cybersecurity expert and CEO of Atlantic.Net, told Law&Crime that luckily the cyberattack “slowed, but didn’t break or compromise anything.”
“It’s very difficult to fight multiple fires — the actual pandemic and reacting to data security procedures; that’s why it’s important to have those in place before volatile events occur,” Puranik said. “This shows that attackers will take advantage of any situation, even global emergencies, to profit for themselves and the importance of realizing that attackers will try to take advantage of you when the chips are down.”
[image via YouTube screengrab]