More details regarding the reported breach of the Department of Health and Human Services' Health Resources and Services Administration grant payments platform from March to November 2023 have been demanded by Senate Health Committee ranking member Bill Cassidy, R-La., from HHS Secretary Xavier Becerra, reports The Record, a news site by cybersecurity firm Recorded Future.
Such an incident was reported by Bloomberg to have involved email account hijacking that resulted in the theft of $7.5 million but the HHS did not provide more information regarding the incident to Congress, indicating breach notification law violations, alleged Cassidy in a letter that also sought Becerra to respond about the specifics of the incident by Apr. 5. Meanwhile, an HHS spokesperson emphasized that only targeted fraud and not a cyberattack has been targeted at the the Payment Management System. "HHS promptly reported the incident to the HHS Office of Inspector General. As federal stewards of the taxpayer dollar, we take this issue with the utmost importance," the spokesperson said.