A cyber-attack on the US Health and Human Services Department’s (HHS) computer system has been framed as a campaign of disruption aimed at hindering the response to the coronavirus pandemic.
The HHS is a department of the US federal government with the goal of protecting the health of Americans and delivering essential human services.
“We are aware of a cyber incident related to the Health and Human Services computer networks, and the federal government is investigating this incident thoroughly,” John Ullyot, a spokesman for the National Security Council, said in a statement. “HHS and federal government cybersecurity professionals are continuously monitoring and taking appropriate actions to secure our federal networks.”
A foreign state is the suspected perpetrator, but no confirmation of the attacker's identity has been released yet.
The attack apparently worked by overloading the HHS servers with millions of hits over several hours – what’s known as a distributed denial of service (DDoS) attack – but didn’t succeed in significantly slowing the agency’s systems.
“We had no penetration into our networks; we had no degradation of the functioning of our networks,” Health and Human Services Secretary Alex Azar said at a White House briefing on the coronavirus on Monday afternoon.
The HHS cyber infrastructure is fully operational right now. HHS spokeswoman Caitlin Oakley said: “We are coordinating with federal law enforcement and remain vigilant and focused on ensuring the integrity of our IT infrastructure.”
“Damage like this at this time is not ‘white hat’ or even ‘grey hat’. It’s dark as dark,” says Sam Curry, chief security officer at Cybereason. “It’s as bad as stealing generators, gas or food in a time of natural disaster. What breaches like this do is accelerate the virus potentially by making measures and controls not reach the people that need them. That means that this could directly lead to deaths.
“Organisations such as DHHS, CDC, WHO, NIH, etc., should also identify critical apps and assure a content delivery network to handle volume on the application layer if they haven’t already done so. If they have that in place and were still breached, they reach out to their ISP and assure that they are priority one when attacks happen — they need to be operational more than other competing applications.”
However, Curry pointed out: “If this was a DDoS attack, the good news is that this is a sledgehammer and this attacker (not others) probably doesn’t have any finer tools to use right now.”
A fake viral message – circulating via text, email, and social media – which claimed that the sender’s “military friends” had warned that President Trump was going to mandate a two-week quarantine for the nation on Monday, prompted the National Security Council to tweet a warning that these messages were fake. Officials believe that this activity was related to the HHS cyber attack.
HHS isn’t the only health body that has been targeted during this time of global pandemic. Administrators at University Hospital Brno in the Czech Republic reported enduring similar cyberattacks, which meant they had to cancel planned operations and divert patients elsewhere.