By Sharon Begley
NEW YORK, Sept 4 (Reuters) - An unknown hacker or hackers
broke into a computer server supporting the HealthCare.gov
website through which consumers enroll in Obamacare health
insurance and apparently uploaded malicious files, a government
cybersecurity team discovered last week.
The Centers for Medicare and Medicaid Services (CMS), the
lead Obamacare agency, briefed key congressional staff on
Thursday about the intrusions, the first of which occurred on
July 8, CMS spokesman Aaron Albright said.
The malware uploaded to the server was designed to launch a
distributed denial of service (DDoS) attack against other
websites, not to steal personal information, Albright said.
In a DDoS, the Internet-connected computers behind a website
are so overwhelmed by malware attempting to communicate with
the site that, unable to handle legitimate requests, they crash.
"Our review indicates that the server did not contain
consumer personal information; data was not transmitted outside
the agency, and the website was not specifically targeted,"
Albright said. "We have taken measures to further strengthen
security."
The Office of Inspector General of the Department of Health
and Human Services, CMS's parent agency, and HHS leadership were
notified of the attack, which was first reported by the Wall
Street Journal.
A spokesman for the Department of Homeland Security, which
helps investigate cyber attacks, said its Computer Emergency
Readiness Team (US-CERT) had forensically preserved the affected
server and had identified and extracted the malware designed to
launch a denial of service attack.
US-CERT analysis indicated that only one server was
involved. It was not running HealthCare.gov, but was instead
used by programmers to test new code before it goes live.
The test server was not supposed to be connected to the
Internet, but somehow was. In addition, access to it was
protected by a default password installed by the manufacturer,
said Albright, who declined to say if that default was 1-2-3-4-5
or something equally breachable.
Cybersecurity expert David Kennedy, chief executive of the
information security firm TrustedSec LLC, said he was
unconvinced this was the first successful hack on
HealthCare.gov.
"There are fundamental flaws in how they're coding the
website and it's going to take a long, long time to fix it," he
told Reuters. "It continues to be a really big glaring security
hole." It is rare for hackers to upload malware without
following through to use it, he added.
Rep. Diane Black of Tennessee, a longtime Republican critic
of Obamacare, criticized CMS for the cyberbreach, saying
"designing a secure website should have been a top priority for
this administration."
The attack, Albright said, will have no impact on the second
open enrollment period for Obamacare, which begins on Nov. 15.
(Reporting by Sharon Begley, Doina Chiacu and Alina Selyukh;
Editing by Dan Grebler)