Hackers broke into a HealthCare.gov server in July and uploaded malware intended to launch distributed denial-of-service (DDoS) attacks, according to a report in the Wall Street Journal.
Government cybersecurity experts discovered the hack last week and for the Centers for Medicare and Medicaid Services (CMS) assured key congressional staff Thursday that no personal information was compromised.
CMS spokesman Aaron Albright said a review showed “that the server did not contain consumer personal information; data was not transmitted outside the agency, and the website was not specifically targeted.” CMS has since “taken measures to further strengthen security.”
Analysis by the Department of Homeland Security's Computer Emergency Readiness Team found that the hack affected a single server that was used to test new code, not run the beleaguered HealthCare.gov. Albright noted the server was protected by a manufacturer-provided default password.
