Compliance Management, Malware, Privacy

CMS says no consumer data exposed in test server hack

Hackers broke into a server in July and uploaded malware intended to launch distributed denial-of-service (DDoS) attacks, according to a report in the Wall Street Journal.

Government cybersecurity experts discovered the hack last week and for the Centers for Medicare and Medicaid Services (CMS) assured key congressional staff Thursday that no personal information was compromised. 

CMS spokesman Aaron Albright said a review showed “that the server did not contain consumer personal information; data was not transmitted outside the agency, and the website was not specifically targeted.” CMS has since “taken measures to further strengthen security.”

Analysis by the Department of Homeland Security's Computer Emergency Readiness Team found that the hack affected a single server that was used to test new code, not run the beleaguered Albright noted the server was protected by a manufacturer-provided default password.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.