A hacker breached the federal HealthCare.gov website in July and uploaded malicious software, federal officials said Thursday.
The breach, which was first reported by The Wall Street Journal, was discovered last week. No personal data was taken, but the break-in has raised concerns months ahead of the start of another open enrollment period.
The Department of Health and Human Services briefed congressional staff Thursday on the breach, believed to be the first successful hack of the federal health insurance exchange where millions of people signed up for private plans late last year and early this year.
“Today, we briefed key Congressional staff about an intrusion on a test server that supports HealthCare.gov,” HHS said in a statement. “Our review indicates that the server did not contain consumer personal information; data was not transmitted outside the agency, and the website was not specifically targeted. We have taken measures to further strengthen security.”
An HHS official told Business Insider the breach was discovered on Aug. 25 when a department security team noticed an anomaly in the system security logs of one of the server’s systems. HHS leadership and its Inspector General’s office were “quickly notified and assisted in assessing this incident,” the official said.
The FBI and Department of Homeland Security were also called in to investigate the attack.
The official said HealthCare.gov was not specifically targeted in the hack, which could mean it was part of a broader effort to discover vulnerable spots across government-agency and private-sector websites.
“The commonplace malware uploaded on the test server was designed to launch a ‘denial of service’ attack against other websites when activated and not designed to exfiltrate [personally identifiable information],” the official said.
The HHS official said the breach wouldn’t have any effect on the second period of open enrollment, which is scheduled to begin Nov. 15.
Business Insider Emails & Alerts
Site highlights each day to your inbox.