Healthcare.gov test server hacked

Healthcare.gov test server hacked

Summary: No data or production systems were compromised. A test server, accidentally open to the Internet, was accessed through a default password.

SHARE:
4

The Wall Street Journal cites unnamed federal officials as saying that a hacker gained access and uploaded malicious software to a server that is part of Healthcare.gov. The attack occurred in July and was discovered on August 25 during a daily security scan.

The officials say that the server is used only to test code for the site. The attacker gained no access to consumers' personal data and no such data was on the server. But because the server was not meant to be connected to the Internet, it was protected with a default password.

The FBI traced the attack to several IP addresses. They do not suspect a state actor, but rather one of many groups scanning for vulnerable systems on which to install software. The software in this case was meant for performing denial of service attacks. The story does not say whether the malicious software was ever used.

Attacks such as these are common and, as no meaningful data was compromised it is not considered serious event. The Journal quoted a senior Department of Homeland Security official as saying "[i]f this happened anywhere other than HealthCare.gov, it wouldn't be news."

In addition to daily security scans, the site undergoes drill hacking exercises and quarterly security audits from Blue Canopy Group LLC, a private security company in Reston, Va.

Topics: Security, Government US

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

4 comments
Log in or register to join the discussion
  • Wow, the GOP...

    ...is now hiring hackers. There's no filthy bottom they won't stoop down to. They must really hate that people who don't make a lot of money finally they have health care...
    siskol
    • Yeah... must be those eeeeeEEEEEvil Republicans.

      You, sir, are a moron.
      Hallowed are the Ori
      • Cui prodest?

        I know, you conservatives don't do Latin...Or any other language that isn't Redneck.
        siskol
    • Got evidence?

      Admittedly, our politics are moving in that direction (I fully expect to read about people being murdered for registering with the wrong political party some time in the next five years), but at this point, it's best not to assume.
      John L. Ries