US Department of Health and Human Services Website Swamped by Foreign Hackers
The U.S. Health and Human Services (HHS) Department suffered a cyberattack Sunday. The HHS cyberattack night was meant to cripple HHS IT systems and interfere with the ability to convey information about the Coronavirus, healthcare, and social services. The hackers struck as the US is increasing efforts to mitigate the spread of the novel Coronavirus, COVID-19.
This is not the fail issue for HHS IT systems. The agency’s email crashed on February 23 in the middle of the Coronavirus crisis. A test of their email system by the IT team at the Centers for Medicare and Medicaid Services caused the outage. Some emails were delayed up to 11 hours.
The latest HHS cyberattack appears to have been carried out by foreign hackers although US Cyber Command has not confirmed that or named the hacking group. It is believed that no data was stolen. Hackers tried to overwhelm HHS servers with a deluge of millions of requests over the course of several hours. Although it is early in the analysis, the attack sounds like it probably was a form of a denial of service (DoS of DDoS) attack. A denial service attack is a volume based cyberattack where hackers flood a service – HTTP, UDP, ICMP – with a large number of requests. As severs responds to the millions of requests from hackers’ bots, they cannot respond to requests from legitimate website users trying to access webpage content.
How Do Denial of Service Attacks Work?
When the servers used by a website to store and send webpages and information requests are bogged down by hackers pummeling it with millions of useless inquires, the servers become overloaded and the website slows down possible to the point of being unusable. Sometime only the homepage works when servers are too busy. Attempts to login to an account result in an error. There is only so much information the website can supply in a given person of time. This makes it difficult or impossible for people trying to legitimately access the website and get information about the Coronavirus COVID-19.
A HHS cyberattack website slowdown caused by hackers is the same problem seen by website users when a website is very, very busy. For example, on Saturday when I was trying to cancel my reservation on JetBlue Airways, I could not log into my online account to view and manage my reservation. The website was simply overwhelmed by ten of thousands of customers trying to deal with canceled travel plans caused by the spread of the Coronavirus. Although this issue is not triggered by hackers, it has the same effect. JetBLue’s – as well as every other airline – servers and probably the call center are overloaded.
There was also a misinformation social media campaign related to this cyberattack. Last night, the National Security Council tweeted, “Text message rumors of a national #quarantine are FAKE. There is no national lockdown. @CDCgov has and will continue to post the latest guidance on #COVID19.”
What is the U.S. Department of Health & Human Services?
The U.S. Department of Health & Human Services (HHS) is a United States federal agency that administers public social service programs as well as communicates public health and safety information to citizens. HHS has been communicating information to the public about the Coronavirus.
The federal agency administers programs such as Supplemental Nutrition Assistance Program (SNAP) and the not-so Affordable Care Act insurance marketplace or (HealthCare.gov)