Healthcare Technology Featured Article

September 08, 2014

Hacker Breached ACA Network to Launch Possible DDoS Attack


After going through so many trials and tribulations, the Affordable Care Act (otherwise known as Obamacare) managed to stay alive, and it is now getting ready for the second round in November. This time around, the website is expected to function according to plan, and individuals looking to purchase insurance will be able to do so without the hassles consumers experienced during the inaugural launch. During that time the issue of security was raised by several individuals and the U.S. Centers for Medicare and Medicaid Services (CMS) announced hackers broke into a computer server supporting the HealthCare.gov website by uploading malicious files.

According to CMS spokesman Aaron Albright, the breach took place on July 8 and the uploaded malware was designed to launch a distributed denial of service (DDoS) attack. During these types of attacks hackers generally don't steal information from the systems, their sole purpose is to use the computing resources to perpetrate a larger attack to bring down the website of a large organizations such as banks, retailers and others.

Albright stated, “We have taken measures to further strengthen security…Our review indicates that the server did not contain consumer personal information; data was not transmitted outside the agency, and the website was not specifically targeted.”

Albright informed Reuters uploading the malware gave the hackers control of the server so it could be used to attack another target. The U.S. Computer Emergency Response Team (CERT) has confiscated the server and a long with the U.S. Department of Homeland Security they are investigating the matter.

The security breach might have taken place because it was a test server that still had the vendor's default password and should not have been connected to the Internet. Initial US-CERT analysis has revealed it was not running HealthCare.gov and it was used by programmers to test new code before it goes live.

As Reuters reported, cybersecurity expert David Kennedy, chief executive of the information security firm TrustedSec LLC, said, “He was unconvinced this was the first successful hack on HealthCare.gov and it is rare for hackers to upload malware without following through to use it.”

This case points out the wide range of cyber-attacks that currently exists in the digital world. Whether the hackers are sponsored by a rogue government, global criminal enterprises or a white hat hacker trying to test his or her ability, investigators won't know the scheme until it is all over.  This time around HealthCare.gov got lucky all around, but it won’t be the case all the time.




Edited by Alisen Downey
Get stories like this delivered straight to your inbox. [Free eNews Subscription]




SHARE THIS ARTICLE



FREE eNewsletter

Click here to receive your targeted Healthcare Technology Community eNewsletter.
[Subscribe Now]