Quantcast
Connect with us

Obamacare officials: Hackers broke into website server and uploaded ‘malicious’ files

Published

on

By Sharon Begley

NEW YORK (Reuters) – An unknown hacker or hackers broke into a computer server supporting the HealthCare.gov website through which consumers enroll in Obamacare health insurance, a government cybersecurity team discovered last week, apparently uploading malicious files.

ADVERTISEMENT

The Centers for Medicare and Medicaid Services (CMS), the lead Obamacare agency, briefed key congressional staff on Thursday about the intrusions, the first of which occurred on July 8, CMS spokesman Aaron Albright said.

The malware uploaded to the server was designed to launch a distributed denial of service (DDoS) attack against other websites, not to steal personal information, Albright said.

In a DDoS, Internet-connected computers are so overwhelmed by malware attempting to communicate with their website that, unable to handle legitimate requests, they crash.

“Our review indicates that the server did not contain consumer personal information; data was not transmitted outside the agency, and the website was not specifically targeted,” Albright said. “We have taken measures to further strengthen security.”

ADVERTISEMENT

The Office of Inspector General of the Department of Health and Human Services, CMS’s parent agency, and HHS leadership were notified of the attack, which was first reported by the Wall Street Journal.

A spokesman for the Department of Homeland Security, which helps investigate cyber attacks, said its Computer Emergency Readiness Team (US-CERT) had forensically preserved the affected server and had identified and extracted the malware designed to launch a denial of service attack.

US-CERT analysis indicated that only one server was involved. It was not running HealthCare.gov, but was instead used by programmers to test new code before it goes live.

ADVERTISEMENT

The test server was not supposed to be connected to the Internet, but somehow was. In addition, access to it was protected by a default password installed by the manufacturer, said Albright, who declined to say if that default was 1-2-3-4-5 or something equally breachable.

Cybersecurity expert David Kennedy, chief executive of the information security firm TrustedSec LLC, said he was unconvinced this was the first successful hack on HealthCare.gov.

“There are fundamental flaws in how they’re coding the website and it’s going to take a long, long time to fix it,” he told Reuters. “It continues to be a really big glaring security hole.” It is rare for hackers to upload malware without following through to use it, he added.

ADVERTISEMENT

Rep. Diane Black of Tennessee, a longtime Republican critic of Obamacare, criticized CMS for the cyberbreach, saying “designing a secure website should have been a top priority for this administration.”

The attack, Albright said, will have no impact on the second open enrollment period for Obamacare, which begins on Nov. 15.

(Reporting by Sharon Begley, Doina Chiacu and Alina Selyukh; Editing by Dan Grebler)

ADVERTISEMENT

[Image via Agence France-Presse]

Enjoy this piece?

… then let us make a small request. Like you, we here at Raw Story believe in the power of progressive journalism — and we’re investing in investigative reporting as other publications give it the ax. Raw Story readers power David Cay Johnston’s DCReport, which we've expanded to keep watch in Washington. We’ve exposed billionaire tax evasion and uncovered White House efforts to poison our water. We’ve revealed financial scams that prey on veterans, and legal efforts to harm workers exploited by abusive bosses. We’ve launched a weekly podcast, “We’ve Got Issues,” focused on issues, not tweets. And unlike other news outlets, we’ve decided to make our original content free. But we need your support to do what we do.

Raw Story is independent. You won’t find mainstream media bias here. We’re not part of a conglomerate, or a project of venture capital bros. From unflinching coverage of racism, to revealing efforts to erode our rights, Raw Story will continue to expose hypocrisy and harm. Unhinged from billionaires and corporate overlords, we fight to ensure no one is forgotten.

We need your support to keep producing quality journalism and deepen our investigative reporting. Every reader contribution, whatever the amount, makes a tremendous difference. Invest with us in the future. Make a one-time contribution to Raw Story Investigates, or click here to become a subscriber. Thank you. Click to donate by check.

Enjoy this piece?

… then let us make a small request. Like you, we here at Raw Story believe in the power of progressive journalism — and we’re investing in investigative reporting as other publications give it the ax. Raw Story readers power David Cay Johnston’s DCReport, which we've expanded to keep watch in Washington. We’ve exposed billionaire tax evasion and uncovered White House efforts to poison our water. We’ve revealed financial scams that prey on veterans, and efforts to harm workers exploited by abusive bosses. We’ve launched a weekly podcast, “We’ve Got Issues,” focused on issues, not tweets. Unlike other news sites, we’ve decided to make our original content free. But we need your support to do what we do.

Raw Story is independent. You won’t find mainstream media bias here. We’re not part of a conglomerate, or a project of venture capital bros. From unflinching coverage of racism, to revealing efforts to erode our rights, Raw Story will continue to expose hypocrisy and harm. Unhinged from corporate overlords, we fight to ensure no one is forgotten.

We need your support to keep producing quality journalism and deepen our investigative reporting. Every reader contribution, whatever the amount, makes a tremendous difference. Invest with us in the future. Make a one-time contribution to Raw Story Investigates, or click here to become a subscriber. Thank you.



Report typos and corrections to: [email protected]. Send news tips to: [email protected].
READ COMMENTS - JOIN THE DISCUSSION
Continue Reading

Facebook

How to invest if you’re worried a recession is coming

Published

on

Although the U.S. economy continues to grow and add jobs, talk of a recession is increasingly in the air due to a number of worrying signs.

Continue Reading

Breaking Banner

How Trump’s limited intellectual development has given him a ‘God complex’

Published

on

Trump's lack of respect for the country's long-standing democratic norms and institutions also extends to America's alliances, security arrangements with its allies and friends, and the international order more broadly. To that end  Trump has threatened to remove the U.S. from NATO, hailed the merits of nationalism (while barely pretending that does not mean white nationalism), tried to surrender U.S. security to Russian President Vladimir Putin and proclaimed on numerous occasions that America will now stand (mostly) alone in the world.

This story first ran at Salon in November of 2018. 

Continue Reading
 

Breaking Banner

Danish media crushes ‘questionable real estate agent’ Trump for his ‘absurd’ snub of their country

Published

on

President Donald Trump has found himself getting skewered by the Danish media after he abruptly canceled a planned meeting with the Danish prime minister after she refused to sell Greenland to the United States.

Copenhagen-based newspaper Berlingske on Wednesday published several articles and editorials that took Trump to task for snubbing an important European ally because it would not entertain selling him Greenland.

The paper's lead editorial, for example, declared Trump's cancellation "absurd" and said that he was deeply harming his country's relationship with Denmark.

Continue Reading
 
 

Thank you for whitelisting Raw Story!

As a special thank you, from now until August 31st, we're offering you a discounted rate of $5.99/month to subscribe and get ad-free access. We're honored to have you as a reader. Thank you. :) —Elias, Membership Coordinator
LEARN MORE
close-link
close-image