Dive Brief:
- HHS was the victim of a cyberattack Sunday night, coming as the Trump administration's health department grappled with its response to the novel coronavirus outbreak.
- The intent of the attack was to slow systems, though it was largely unsuccessful and HHS remained "fully operational," an HHS spokesperson told Healthcare Dive. No data was compromised.
- The agency's cyberattack was the result of "multiple incidents of hacking," according to a tweet from Bloomberg journalist Jennifer Jacobs, who first reported the attack. While the perpetrator hasn't been identified, officials believe it was orchestrated by nation-state actors.
Dive Insight:
Agencies are already taxed dealing with the response to the new coronavirus outbreak. The cyberattack only heightens the complications, though it was relatively toothless, according to the Trump administration, which has faced criticism for what many see as an uncoordinated government reaction to the fast-moving outbreak.
"On Sunday, we became aware of a significant increase in activity on HHS cyber infrastructure and are fully operational as we actively investigate the matter," Caitlin Oakley, an HHS spokesperson, told Healthcare Dive. "Early on while preparing and responding to COVID-19, HHS put extra protections in place."
HHS is working with federal law enforcement in an attempt to nail down the perpetrator.
Healthcare organizations' cybersecurity has been in "critical condition" for a long time. Outdated systems and infrastructure inhibit threat prediction and analysis. Though HHS took steps to mitigate the impact of cyber events, such as breaches, some of its guidelines were only voluntary. The guidelines were outlined for organizations across the healthcare industry, from local clinics to large hospitals.
Malicious actors often respond to crises with misinformation campaigns or phishing schemes, according to research from Recorded Future.
Hackers are also leveraging public-facing resources as a tool to spread malware. Attackers exploited Johns Hopkins' coronavirus data map, which showcases real-time infection rates, reports cybersecurity journalist Brian Krebs.
Russian cybercrime forums were found selling a "digital coronavirus infestation kit that uses the Hopkins interactive map as part of a Java-based malware deployment scheme," according to Krebs. If the buyer already has a Java code signing certificate, the kit costs $200.
Legislation regarding cyberattacks and international law are insufficient, leaving nation-state cyberattacks unaddressed. Without consequences, hostile foreign actors will likely continue to target U.S. systems.
Last week the Cyberspace Solarium Commission released its 200-page report offering recommendations for shoring up U.S. cybersecurity, including retaliation. "The existing declaratory policy does not sufficiently communicate resolve or articulate a compelling logic of consequences," according to the report.
The commission wants the U.S. to "publicly convey" its ability to respond to cyberattacks and "impose costs against adversary cyber campaigns below a use-of-force threshold."
Rebecca Pifer contributed reporting.