Getty Images/iStockphoto

As HHS Responds to Coronavirus, Network Targeted by Cyberattack

The HHS network was bombarded with millions of hits late Sunday night, in an apparent attempt to undermine the agency’s coronavirus response; a foreign threat actor is suspected.

The Department of Health and Human Services faced a targeted cyberattack on its network Sunday night. Hackers launched a disruptive disinformation campaign designed to impede the agency’s coronavirus response, first reported by Bloomberg.

HHS Spokesperson Caitlin Oakley explained that the HHS team first saw a significant increase traffic on the cyber infrastructure on Sunday.

Fortunately, the hacking attempt failed to significantly slow the network and did not manage to penetrate the network, despite the threat actors sending millions of hits over several hours.

“HHS has an IT infrastructure with risk-based security controls continuously monitored in order to detect and address cybersecurity threats and vulnerabilities,” Oakley said in a statement. “Early on while preparing and responding to COVID-19, HHS put extra protections in place.”

“We’re coordinating with federal law enforcement and remain vigilant and focused on ensuring the integrity of our IT infrastructure," they added.

The attack may have been preempted by a campaign spread by text, email, and social media, warning that President Donald Trump intended to order a mandatory two-week quarantine across the country. The National Security Council warned about these fake messages, calling them rumors and urging all to listen to guidance from the Centers for Disease Control and Prevention.

So far, officials believe no data was exfiltrated during the attack, and federal leaders are investigating the scope of the incident.

To industry stakeholders, the HHS event sheds light on the increasing threat hackers pose to the healthcare sector in light of the coronavirus pandemic. Just last week, hackers infected the website of Champaign-Urbana Public Health District in Illinois with NetWalker ransomware, while the provider responded to the virus.

Greg Wendt, Executive Director of Appsian, explained that government agencies like HHS will continue to be key targets for cyberattacks. And as many leverage applications and systems developed decades ago, these systems could have serious vulnerabilities.

Further, as organizations will need to ensure that during the coronavirus pandemic and the increase in remote work, they first ensure they’ve effectively maintained “secure user authentication and data security.”

“After all, telecommuting means perimeter firewalls and corporate networks are not leveraged as originally intended,” Wendt told HealthITSecurity.com in an emailed statement. “The process to modernize and transform the critical nature of data is a lengthy one and not a process that can be successfully done overnight.”

“As organizations rapidly transition to a telecommuting work culture and push too fast to get all employees up and running remotely, new threat vectors across the entire IT environment will arise and result in an uptick in breaches such as this of HHS,” he added.

Organizations will need to layer authentication and monitor their internal and external systems. Best practice security measures would identify access from users originating from unknown networks or foreign actors, Wendt explained.

Multi-factor authentication (MFA) can also significantly enhance security through added user authentication requirements during the login process and while the user is insider the application. Wendt explained that even if a hacker obtains login credentials, MFA creates roadblocks for the hacker to block business critical transactions.

“By monitoring who is accessing highly sensitive data, and by authenticating access from outside devices (VPN, phone) as well as authenticating from the inside of the IT environment, organizations can proactively prevent unauthorized access,” Wendt concluded.

Next Steps

Dig Deeper on Cybersecurity strategies