What Happened With The HealthCare.Gov Security Breach

Adam Mazmanian | FCW | September 4, 2014

Hackers breached the HealthCare.gov system in July, according to officials at the Centers of Medicare and Medicaid Services and the Department of Homeland Security. Federal officials had no evidence of information being compromised, and it's unclear if HealthCare.gov was specifically targeted for the trove of personal and financial information on Americans that it contains. The news was first reported Sept. 4 in the Wall Street Journal.

The intrusion resulted in the implantation of malicious files on a test server designed to launch denial of service attacks on other sites. This is a garden-variety type of attack in which computer networks are co-opted to act as bots and lock up the activity of targeted networks.  "Our review indicates that the server did not contain consumer personal information; data was not transmitted outside the agency, and the website was not specifically targeted. We have taken measures to further strengthen security," a HHS spokesperson said in an emailed statement.

The attack was first detected Aug. 25 during a CMS security review of system activity. The intrusion was reported internally at the Department of Health and Human Services to the agency's leadership, the Office of Inspector General and the Computer Security Incident Response Center. The attack was not designed to export personally identifiable information, according to CMS...