On Thursday, September 4th, the Department of Health and Human Services reported the discovery of malicious files on one of their test servers. Suspected hackers installed the files to launch a DoS or “denial of service” attack, which is designed to make a machine or network resource unavailable to its intended users. This was likely due to low security settings on the server that enabled intruders to make use of the default password to gain access to the machine.
The agency issued a statement stating that “the server did not contain consumer personal information” and that [they] “have taken measures to further strengthen security”.
The Wall Street Journal reports that this is the first such successful attack on the HealthCare.gov website, which prompted Republican leadership to raise concerns about security and auditing of the site. Even Democrats joined the dialogue, with Sen. Tom Carper (D., Del.) referring to the hack as “deeply troubling”.
Solve Healthcare routinely assists customers to evaluate their security configuration to determine if their systems comply with HIPAA and HITECH regulations. Penalties, fines and litigation that may arise from breaches are becoming more common, so schedule a time to speak with one our experts today. Visit solvehealthcare.com for more information.