In the middle of a national response to the COVID-19 pandemic, the U.S. Health and Human Services Department suffered a cyber attack aimed at slowing down the agency’s operations.
John Ullyot, a spokesman for the National Security Council, said “we are aware of a cyber incident related to the Health and Human Services computer networks, and the federal government is investigating this incident thoroughly.”
“HHS and federal government cybersecurity professionals are continuously monitoring and taking appropriate actions to secure our federal networks,” he added. While he has confirmed that HHS and federal networks are functioning normally, the agency hasn’t confirmed who is behind this attack.
The Health and Human Services said that there isn’t any evidence of data accessed from its system illegally and that the experts are investigating the incident.
In a White House briefing, Alex Azar, the Health and Human Services Secretary said “We had no penetration into our networks, we had no degradation of the functioning of our networks”.
An HHS spokeswoman said that the agency has taken extra precautions to respond to the COVID-19 situation. The attack overloaded the HHS servers with millions of hits over several hours, but couldn’t slow down the Agency’s systems significantly. “We are coordinating with federal law enforcement and remain vigilant and focused on ensuring the integrity of our IT infrastructure.” She added.
Hackers taking advantage of COVID-19 outbreak to target distracted governments and companies
Kevin Bocek, VP Security Strategy & Threat Intelligence at Venafi, said that the attack on US Health & Human Services department is a clear sign that we’ll soon face a cyber attack crisis in addition to the coronavirus pandemic. Attackers of all types – from cybercriminals seeking profits, to terrorists and other seeking disruption, and even nation states will seek to hit their targets when they are distracted, striking when governments and businesses have their hands full with the pandemic response.
"Every organisation, from governments and banks through to payment providers, retailers or manufacturers must be on high alert for cyber attacks. Now is not the time to consider cyber security optional. While the business environment at the moment is challenging, a cyber attack can still be a knock out blow for businesses and governments not focusing on the threat," he added.
Commenting on the cyber attack targeting HSS systems, Sam Curry, Chief Security Officer at Cybereason, said “Hacks lead to misinformation campaigns and a lot of pain for people. This breach is effectively an attack on the United States government and every citizen. DO NOT HACK FOR ANY REASON RIGHT NOW: not politics, not profit. If martial law comes down, frontier justice can be nasty.
"Overall, this looks like this breach could be the result of a DDoS attack, which means the DHHS should immediately work with their ISPs to ensure redundant bandwidth. Organisations such as DHHS, CDC, WHO, NIH, etc., should also identify critical apps and assure a content delivery network to handle volume too on the application layer if they haven’t already done so.
"If they have that in place and were still breached, they reach out to their ISP and assure that they are priority 1 when attacks happen — they need to be operational more than other competing applications. And they should immediately try to understand why this breach happened to try to predict where the next attack will occur. If this was a DDoS attack, the good news is that this is a sledgehammer and this attacker (not others) probably doesn’t have any finer tools to use right now," he added.