This article has been saved to your Favorites!

HHS Hit With Cyber 'Incident' Amid Coronavirus Outbreak

By Ben Kochman · 2020-03-16 20:30:49 -0400

The U.S. Department of Health and Human Services said Monday that it is investigating a suspicious spike in activity on its network over the weekend, in what security officials called a "cyber incident" that did not disrupt the agency's response to the COVID-19 virus.

Security staff at the agency alerted federal law enforcement on Sunday after spotting a "significant increase in activity on HHS cyber infrastructure," HHS spokesperson Caitlin Oakley said. The incident did not have any impact on the agency's services, which are "fully operational as we actively investigate the matter," Oakley said in a statement.

HHS oversees agencies across the U.S. government, including the Centers for Disease Control and Prevention and the National Institutes of Health, which are currently coordinating a response to the COVID-19 virus, including by sharing information about the number of confirmed U.S. cases.

U.S. officials did not say Monday whether the suspicious activity was some sort of intentional "attack" by a malicious actor, or if it was an effort to exfiltrate sensitive data. But ABC News reported, citing "administration sources," that the incident may have been a distributed denial of service, or DDoS, attack. A DDoS cyberattack aims to shut down or slow down its target by overwhelming the target's network, servers, or other computer systems with a flood of data, which often comes in the form of an unusually large amount of internet traffic.

The White House's National Security Council said Monday that it was investigating a "cyber incident related to the Health and Human Services computer networks," according to a statement from NSC spokesman John Ullyot.

"HHS and federal government cybersecurity professionals are continuously monitoring and taking appropriate actions to secure our federal networks," Ullyot said, adding that "HHS and federal networks are functioning normally at this time."

The incident comes as cybersecurity officials warn that institutions and businesses all over the world should be on high alert for potential cyberattacks amid the COVID-19 outbreak, particularly as more and more employees are forced to work from home.

The U.S. Cybersecurity and Infrastructure Security Agency, or CISA, warned Friday that malicious cyber actors are finding security vulnerabilities of the virtual private networks, or VPNs, that organizations often use to enable remote workers to connect to a shared network.

Urging organizations to have a "heightened sense of cybersecurity," CISA advised employers to frequently patch their networks with the latest security fixes, use multifactor authentication as another layer of protection, and to stay on the lookout for phishing emails that aim to dupe teleworkers into giving up their login credentials.

--Editing by Breda Lund.

For a reprint of this article, please contact reprints@law360.com.