HACKERS BROKE INTO an Obamacare server and attempted to use it in a denial of service attack, according to the US Centers for Medicare and Medicaid Services (CMS).
We have asked the CMS to comment on the issue, but so far it has not responded. In a statement to the INQUIRER it said that apparently the attack was not designed to steal information, but rather to take control.
"Our review indicates that the server did not contain consumer personal information; data was not transmitted outside the agency, and the website was not specifically targeted," said CMS spokesman Aaron Albright.
"We have taken measures to further strengthen security."
Albright said that the investigation found that the assault took place in early July, telling Reuters that malware was uploaded to the server, and that this would have let the attacker control the server and use it to attack another online target of some sort.
The server is now in the hands of the US Computer Emergency Response Team (CERT), according to the report, and the US Department of Homeland Security has been briefed on the incident.
Reuters reports that the affected system was a test server that should not have been connected to the internet. It added that the system still had the vendor's default password.
"If the Mona Lisa gets stolen from the Louvre it's pretty obvious - there's a gap in the wall where the painting used to hang. Data is different though. When it's seized by hackers, you can't tell that anything has been taken as they make a copy - they don't typically destroy the version on your server. After all, that wouldn't make sense. It would simply make it more obvious that a breach had occurred," he said.
"So we have to hope that the Department of Health and Human Services is right." µ
Sign up for INQbot – a weekly roundup of the best from the INQ