The Inquirer-Home

Hackers broke into the Obamacare network, apparently took nothing

Used server in denial of service attack
Fri Sep 05 2014, 09:21
Obamacare has been hacked

HACKERS BROKE INTO an Obamacare server and attempted to use it in a denial of service attack, according to the US Centers for Medicare and Medicaid Services (CMS).

We have asked the CMS to comment on the issue, but so far it has not responded. In a statement to the INQUIRER it said that apparently the attack was not designed to steal information, but rather to take control.

"Our review indicates that the server did not contain consumer personal information; data was not transmitted outside the agency, and the website was not specifically targeted," said CMS spokesman Aaron Albright.

"We have taken measures to further strengthen security."

Albright said that the investigation found that the assault took place in early July, telling Reuters that malware was uploaded to the server, and that this would have let the attacker control the server and use it to attack another online target of some sort.

The server is now in the hands of the US Computer Emergency Response Team (CERT), according to the report, and the US Department of Homeland Security has been briefed on the incident.

Reuters reports that the affected system was a test server that should not have been connected to the internet. It added that the system still had the vendor's default password.

UK security expert Graham Cluley said that while it appears that nothing was taken, that would be rather unusual and difficult to tell.

"If the Mona Lisa gets stolen from the Louvre it's pretty obvious - there's a gap in the wall where the painting used to hang. Data is different though. When it's seized by hackers, you can't tell that anything has been taken as they make a copy - they don't typically destroy the version on your server. After all, that wouldn't make sense. It would simply make it more obvious that a breach had occurred," he said.

"So we have to hope that the Department of Health and Human Services is right." µ

 

Share this:

blog comments powered by Disqus
Advertisement
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

Advertisement
INQ Poll

Microsoft's Windows 10 Preview has permission to watch your every move

Does Microsoft have the right to keylog users of its Windows 10 Technical Preview?