Healthcare.gov test server hacked

Summary: No data or production systems were compromised. A test server, accidentally open to the Internet, was accessed through a default password.

The Wall Street Journal cites unnamed federal officials as saying that a hacker gained access and uploaded malicious software to a server that is part of Healthcare.gov. The attack occurred in July and was discovered on August 25 during a daily security scan.

The officials say that the server is used only to test code for the site. The attacker gained no access to consumers' personal data and no such data was on the server. But because the server was not meant to be connected to the Internet, it was protected with a default password.

The FBI traced the attack to several IP addresses. They do not suspect a state actor, but rather one of many groups scanning for vulnerable systems on which to install software. The software in this case was meant for performing denial of service attacks. The story does not say whether the malicious software was ever used.

Attacks such as these are common and, as no meaningful data was compromised, it is not considered a serious event. The Journal quoted a senior Department of Homeland Security official as saying "[i]f this happened anywhere other than HealthCare.gov, it wouldn't be news."

In addition to daily security scans, the site undergoes drill hacking exercises and quarterly security audits from Blue Canopy Group LLC, a private security company in Reston, Va.

About

Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years. He was most recently Editorial Director of BYTE, Dark Reading and Network Computing at UBM Tech. Prior to that he spent over a decade consulting and writing on technology subjects, primarily in the area of sec...
