A hacker managed to break into HealthCare.gov in July and installed malware to the servers that run the site, the Department of Health and Human Services said on Thursday. The attack—discovered last week during a routine security sweep—was designed to launch future “denial of service” attacks on other sites, rather than steal users’ personal data, according to HHS. “Our review indicates that the server did not contain consumer personal information; data was not transmitted outside the agency, and the website was not specifically targeted. We have taken measures to further strengthen security,” HHS said in a statement.
“The hacker was traced to a foreign IP address but is not believed to be a state actor,” an HHS official told CBS News. “HealthCare.gov was not specifically targeted by the hack, the Health Department said, which could indicate that the affected test server was compromised in the course of a broad campaign to find vulnerabilities at government and private websites across the Web,” the Hill reports. The hack is reported to be first successful cyberattack on the health care site.
