The HealthCare.gov insurance site has been compromised after a hacker successfully broke in and installed malicious software to one of its servers. However, federal officials assured no personal data was stolen, since the intruded test server did not contain consumer information.
“Data was not transmitted outside the agency, and the website was not specifically targeted,” said Kevin Griffis, senior adviser at the Department of Health and Human Services (DHHS). “We have taken measures to further strengthen security.”
The Department of Homeland Security is further investigating the intrusion and stated the agency helped remove the malicious software, which was likely intended to launch denial-of-service (DDoS) attacks on other sites, a common method used by cybercriminals to force a website to crash.
The Wall Street Journal originally reported the attacker broke into the test server in July but the malware went undiscovered until late August during a routine security test by the Centers for Medicare and Medicare Services—a unit of DHHS.
Additionally, sources close the investigation said it appeared the development server lacked secure configuration using default credentials.
“These types of breaches will continue to happen as long as security operations teams continue to rely on manual methods or individual effort to harden their server configurations,” said Michael Thelander, Tripwire director of product management. “Unfortunately, there is usually ‘some other critical work’ in the way.”
Thelander added, “Adopting ‘secure configuration management’ as an automated, end-to-end control is the best chance to get ahead of system hardening.”
The Obamacare site, launched in October 2013, debuted with many issues to begin with, making it problematic for users to sign up for health insurance. A recent report stated the faulty site is set to exceed a whopping $1.7 billion budget, including the costs of nearly 60 separate contracts with companies, such as Oracle and Google.
There is no doubt the expenditures for the site will continue to accrue after the much needed investments to strengthen the site’s security.
Read More Here…