Healthcare.gov server found to be housing malware

September 8, 2014 Arctic Wolf Networks

It was announced last week that a hacker was able to upload malware to a Web server for Healthcare.gov. The malicious software was inserted into a test server that was not meant to be connected to the Internet but, for unknown reasons, was. It was also discovered that, while the server was protected by a password, the password was the default one provided by the manufacturer.

According to Centers for Medicare and Medicaid spokesperson Aaron Albright, the intrusion took place on July 8, but wasn't discovered until seven weeks later when an IT worker noticed "unusual server traffic" on August 25. S.Y. Lee, spokesperson for the Department of Homeland Security, said that there is no reason to believe that personal information was compromised due to the breach.

The malware that infected the test server was meant to add the server to a larger botnet and not to steal data, according to Albright, and the test server where it was inserted was only used to test code before it was released live on Healthcare.gov, not to store user information. The FBI is investigating the hack and officials have said that, while the agency has traced multiple IP addresses involved in the attack overseas, it doesn't believe the breach was carried out by state-backed actors.

One of the most troubling things about the breach is the fact that the unprotected test server was connected to the Internet, and, in turn, to parts of the Healthcare.gov site that contained sensitive user information. While the more privileged parts of the website were better protected, the fact that they were connected to the test server means hackers could have theoretically gained access to them and the valuable data they store, according to an official with the Department of Health and Human Services. Because the site is a health insurance marketplace, it contains incredibly personal information, including financial data and Social Security numbers. 

The cyberattack comes at a time when insurance companies and the federal government are preparing for a wave of traffic on the site from people looking to take advantage of the marketplace's second open enrollment period, due to begin on November 15. 

Healthcare cybersecurity more important than ever
While it appears that no user information was exposed during the breach, attacks targeting healthcare data have increased in recent years. In an attempt to deter these types of intrusions, regulatory bodies and the FBI have implemented greater security regulations for companies dealing with insurance and medical information.

One of the most reliable ways to protect privileged data from malicious actors is to employ security information and event management (SIEM). SIEM solutions provide around-the-clock monitoring of networks and systems to identify any suspicious or fraudulent activity, helping to relieve the burden placed on overworked and understaffed IT departments. The data collected by concierge SIEM service providers is analyzed and turned into actionable information that organizations can use to better defend against hackers, ensuring companies of all sizes have reliable cybersecurity.
