The latest healthcare hack appears to have been the HealthCare.gov website, federal officials confirmed last week. Hackers uploaded malware to a test server for the federal health insurance exchange.
According to an article on the Healthcare Info Security website, the latest high-profile breach did not result in the exposure of any personally identifiable information. CMS provided the following statement to the news site: "Today, we briefed key Congressional staff about an intrusion on a test server that supports HealthCare.gov. Our review indicates that the server did not contain consumer personal information; data was not transmitted outside the agency, and the website was not specifically targeted. We have taken measures to further strengthen security."
A CMS security team recognized unusual activity in a security log and looked further to discover the malware on the test server.
Many government security experts were involved in the investigation, including the HHS Office of Inspector General and teams from the Department of Homeland Security.
Based on the investigation, CMS concluded that the target of the attack was not HealthCare.gov. The malware was written to launch a distributed denial-of-service attack against other sites when activated not to obtain personal information.