A hacker broke into HealthCare.gov and installed malicious software on one of its servers in the first successful breach of the health insurance exchange, federal officials said Thursday.
No personal data were stolen from the Obamacare site as the hacker accessed only a test server that did not contain consumer information, according to Kevin Griffis, a senior adviser at the Department of Health and Human Services.
“Data was not transmitted outside the agency, and the website was not specifically targeted,” Griffis said in a statement. “We have taken measures to further strengthen security.”
A spokesman for the Department of Homeland Security said that agency helped remove malicious software that was designed to launch denial-of-service attacks — a common tactic used by hackers to flood websites with traffic until they crash.
The hacker broke into the server sometime in July, according to The Wall Street Journal, which first reported the breach on Thursday. The malware was discovered on Aug. 25 during a routine security test, federal officials said. The server was guarded by an easy-to-crack default password and the hackers appeared to have installed the malware for use in future cyberattacks against other websites, according to the Journal.
The breach of HealthCare.gov marks the latest in a spate of hacking against both major corporations and government agencies. Earlier this week, Home Depot appeared to be the latest retailer to get hacked when a huge cache of credit and debit card data linked to purchases at the store went on sale on a black market website.
Last week, JPMorgan said it was investigating a possible cyberattack after reports that hackers stole gigabytes of data, including customer credit and savings account information, from its network.
The federal government hasn’t fared much better. In July, Chinese hackers broke into the databases of the Office of Personnel Management, which contain files on federal employees, including those who apply for top-secret clearances.
After its Oct. 1 debut last year, HealthCare.gov was plagued with problems, including repeated glitches that lasted for weeks and initially prevented millions of people from signing up for health insurance. The site was fixed after the White House hired dozens of engineers and programmers from tech industry giants like Google and Oracle to repair it. More than 8 million people have signed up for insurance via the federal and state health care exchanges, federal officials said in May.
The security of the federal website has been an especially sensitive issue given the fierce political battle over Obamacare. Rep. Darrell Issa (R-Calif.), chairman of the House Oversight and Government Reform Committee, has been investigating potential security vulnerabilities in the site. Mitre, a contractor hired to check the site’s security, found 28 security flaws in a test last October. Administration officials said last year that those flaws had been fixed or did not pose a threat, according to The Washington Post.