HealthCare.gov breach affected test server, not users

A server within the Healthcare.gov system has been compromised, but the good news is that it didn’t contain consumer personal information.

It was just a development server which wasn’t supposed to be online but was, and wasn’t properly configured and still accepted default credentials, CSO reports.

The breach happened in July and was discovered on August 25 during a scheduled security scan. The nature of the malware that the attackers planted on the server and the fact that it remained idle helped it stay under the radar for so long.

The malware in question was not capable of exfiltrating information – it was simply meant to rope the server into a botnet and use it for sending out spam and make it participate in DoS attacks, officials at the US Department of Health and Human Services have said. “We have taken measures to further strengthen security,” a spokesman of the department assured.

It would seems that the attackers didn’t specifically target the Healthcare.gov site, but were only after an addition to their botnet.

“If this happened anywhere other than HealthCare.gov, it wouldn’t be news,” commented a senior Department of Homeland Security official.

HealthCare.gov, which is operated under the US federal government, serves as a online health insurance exchange where US residents can search for private health insurance plans or, if they earn less than four times the federal poverty line, can apply for subsidies, and others for Medicaid.

Don't miss