Top US health agency suffers cyberattack
The Department of Health and Human Services (HHS) was attacked by hackers over the weekend as the agency worked to respond to the coronavirus pandemic.
The cyberattack, first reported by Bloomberg News, involved hackers accessing HHS’s systems on Sunday night. According to Bloomberg, they were not able to steal anything, and the goal was to slow down systems.
HHS spokesperson Caitlin Oakley told The Hill in a statement that the agency was “fully operational” and investigating the cybersecurity incident.
“HHS has an IT infrastructure with risk-based security controls continuously monitored in order to detect and address cybersecurity threats and vulnerabilities,” Oakley said. “On Sunday, we became aware of a significant increase in activity on HHS cyber infrastructure and are fully operational as we actively investigate the matter.”
She noted that “early on while preparing and responding to COVID-19, HHS put extra protections in place. We are coordinating with federal law enforcement and remain vigilant and focused on ensuring the integrity of our IT infrastructure.”
HHS Secretary Alex Azar played down the hacking incident during a press conference later on Monday.
“We have extremely strong barriers, we had no penetration into our networks, no degradation of the functioning of our networks, we had no limitation on the ability or capacity of our people to telework, we’ve taken very strong defensive actions,” Azar told reporters at the White House.
When asked where the hackers were from, Azar declined to speculate, but said “there was no data breach and no degradation of our ability to function or serve our important mission here.”
John Ullyot, spokesperson for the White House National Security Council (NSC), told The Hill that “the federal government is investigating the incident thoroughly.”
“HHS and federal government cybersecurity professionals are continuously monitoring and taking appropriate actions to secure our federal networks,” Ullyot added. “HHS and federal networks are functioning normally at this time.”
The Cybersecurity and Infrastructure Protection Agency (CISA), the cyber agency at the Department of Homeland Security, has also been involved in responding to the cyberattack.
CISA spokesperson Sara Sendek told The Hill that the agency will “continue to support our partners at HHS as they protect their IT systems.”
Sendek added that CISA “has taken a number of steps over the last several weeks to increase cybersecurity preparedness across federal civilian agencies, including enhanced monitoring, issuing recommendations as agencies shift to telework, and identifying and protecting particularly important systems supporting COVID response efforts. We’re confident that the measures we’ve all put into place are sufficient, and we will stay on the lookout for and defend against malicious activity.”
According to Bloomberg, an NSC tweet on Sunday was posted after the government confirmed that false information was circulating due to the hack.
“Text message rumors of a national #quarantine are FAKE. There is no national lockdown,” the NSC tweeted. “@CDCgov has and will continue to post the latest guidance on #COVID19. #coronavirus.”
— NSC (@WHNSC) March 15, 2020
Sen. Ben Sasse (R-Neb.), a member of the Senate Intelligence Committee, called for “consequences” in response to the cyberattack on HHS.
“Here’s the reality of 21st century conflict: cyberattacks are massive weapons to kick opponents when they’re down,” Sasse said in a statement. “At a time when Americans face uncertainty and fear from coronavirus, we should expect an increase in cyberattacks and stay vigilant. There need to be consequences for these kinds of attacks. We can’t take our eye off the ball.”
— Updated at 4:45 p.m.
The Hill has removed its comment section, as there are many other forums for readers to participate in the conversation. We invite you to join the discussion on Facebook and Twitter.