The computer systems of the US Health and Human Service Department have suffered a cyberattack as part of a campaign of disruption and disinformation aimed at undermining the country’s response to the ongoing coronavirus outbreak.
The campaign may have even been the work of a foreign actor and John Ullyot, a spokesperson for the National Security Council, provided more information on the attack in a statement, saying:
“We are aware of a cyber incident related to the Health and Human Services computer networks, and the federal government is investigating this incident thoroughly. HHS and federal government cybersecurity professionals are continuously monitoring and taking appropriate actions to secure our federal networks.”
Ullyot also revealed that HHS and federal networks are currently functioning normally. While a foreign state is suspected to be behind the attack, the administration has not yet confirmed who it was, according to a US official who spoke with Bloomberg.
The cyberattack against HHS involved overloading its servers with millions of hits over several hours. However, the attack did not succeed in slowing down the agency’s systems significantly according to one of the people familiar with the matter.
Caitlin Oakley, a spokesperson for HHS, noted that the agency decided to take extra precautions as it prepared to respond to the coronavirus outbreak, saying:
“On Sunday, we became aware of a significant increase in activity on HHS cyber infrastructure and are fully operational as we actively investigate the matter. We are coordinating with federal law enforcement and remain vigilant and focused on ensuring the integrity of our IT infrastructure.”
Before the cyberattack occurred, “fake” text messages from an unknown sender circulated warning that a person’s “military friends” had heard in a briefing that the “president will order a two weeks mandatory quarantine for the nation”. This message, which also spread by email and on social media, was related to the HHS cyberattack according to officials.
Just as we’ve seen an uptick in coronavirus-related malware scams and phishing attacks, this likely won’t be the only cyberattack launched during the outbreak.