The website of the U.S. Health and Human Services was attacked amid the coronavirus pandemic, officials confirmed on Monday.
A National Security Council spokesman said in a statement to news outlets that the council became aware “of a cyber incident related to the Health and Human Services computer networks and the federal government is investigating this incident thoroughly.”
The Health and Human Services (HHS) website and other federal networks “are functioning normally at this time,” he added.
HHS officials became aware on Sunday “of a significant increase in activity on HHS cyber infrastructure,” an agency spokeswoman added on Monday.
The agency is fully operational as they actively investigate the matter, she said.
“HHS has an IT infrastructure with risk-based security controls continuously monitored in order to detect and address cybersecurity threats and vulnerabilities,” the statement read.
“Early on while preparing and responding to COVID-19, HHS put extra protections in place. We are coordinating with federal law enforcement and remain vigilant and focused on ensuring the integrity of our IT infrastructure.”
The Cybersecurity and Infrastructure Security Agency (CISA), the cyber security arm of the Department of Homeland Security, said it was supporting other agencies.
“CISA will continue to support our partners at HHS as they protect their IT systems,” a spokeswoman said in a statement sent to outlets.
“CISA has taken a number of steps over the last several weeks to increase cybersecurity preparedness across federal civilian agencies, including enhanced monitoring, issuing recommendations as agencies shift to telework, and identifying and protecting particularly important systems supporting COVID response efforts. We’re confident that the measures we’ve all put into place are sufficient, and we will stay on the lookout for and defend against malicious activity,” she said.
Reliance on Computerized Systems
Gene Dodaro of the Government Accountability Office told HHS Secretary Alex Azar last year in a letter (pdf) that the nation’s critical infrastructure that provides essential services, including healthcare, relies extensively on computerized systems and electronic data.
“However, serious cybersecurity threats to the infrastructure continue to grow and represent a significant national security challenge. Additionally, recent data breaches have highlighted the importance of ensuring the security of health information,” he wrote.
The person or people behind the cyber attack aren’t publicly known at this time.
Sen. Ben Sasse (R-Neb.) said that attackers should be punished.
“Here’s the reality of 21st century conflict: cyberattacks are massive weapons to kick opponents when they’re down,” he said in a statement. “At a time when Americans face uncertainty and fear from coronavirus, we should expect an increase in cyberattacks and stay vigilant. There need to be consequences for these kinds of attacks. We can’t take our eye off the ball.”
The Cybersecurity and Infrastructure Security Agency warned earlier this month that people should remain vigilant for scams related to COVID-19, the disease the new coronavirus causes.
Among the advice: Don’t click on links in unsolicited emails, don’t reveal personal or financial information in email, and verify the authenticity of a charity before making donations.
People should also use trusted sources—such as legitimate, government websites—for up-to-date, fact-based information about COVID-19, the agency said.
On Sunday, the National Security Council shot down viral rumors of an impending national quarantine, calling the rumors “FAKE.”