Coronavirus hack: nobody knows who entered HHS servers or why

Amidst the global novel coronavirus/COVID-19 crisis, a crucial government department has been hacked. Bloomberg reports that on Sunday night, the U.S. Health and Human Services Department suffered a cyber-attack on its computer system.

The attack, according to anonymous sources contacted by Bloomberg, was aimed at slowing down “the agency’s systems.” Considering that the HHS has over 80,000 employees and focuses on everything from the opioid epidemic to biomedical research, that’s a vague description. Bloomberg goes on to describe the attack as “overloading the HHS servers with millions of hits over several hours.”

The sources also say that the hackers didn’t slow these systems “in any meaningful way.”

But the U.S response to the attack could offer more insight into the aims of the hackers. According to Bloomberg’s sources, a tweet from the White House National Security Council was directly related to the hacking: “Text message rumors of a national #quarantine are FAKE. There is no national lockdown. @CDCgov has and will continue to post the latest guidance on #COVID19. #coronavirus.”

Knowledge of the hack has been run up the ladder to Secretary of State Mike Pompeo and President Donald Trump. There are no clues as to who was behind the hack in the first place, although government officials suspect a hostile foreign state actor. The National Security and U.S Cyber Command have taken charge of the investigation into the hack.

That systems were not slowed does not necessarily mean that the hackers were unsuccessful in their goals. In 2018, Russian state hackers were found to have infiltrated the systems of key pieces of United States infrastructure. The Department of Homeland Security and the FBI found in a report that the hacks “affected multiple organizations in the energy, nuclear, water, aviation, construction, and critical manufacturing sectors.”

It was an attack that took considerable effort. Yet, once inside, with the ability to affect this wide swath of American society, the Russian government didn’t seem to do anything in particular. Experts believe that the attack was more of a scouting expedition, meant to understand U.S systems from the inside-out. There’s far too little known to the public to make any concrete assumptions about the goals of the HHS hackers, but the attack could have offered insight into how the U.S rapid response network operates, and the system’s capabilities.

The HHS is only the latest actor involved in fighting coronavirus to have been the victim of cyberattacks. Two private labs focused on creating coronavirus test kits, Quest Diagnostics and LabCorp, were involved in 2019’s massive American Medical Collection Agency (AMCA) hack, which HealthITSecurity.com declared the worst hacking incident of the year.

The AMCA, a billing provider for the medical service industry, saw the information of over 20 million Americans leaked online. The vast majority of this leaked patient information, consisting of personal and financial information, came from Quest and LabCorp, which saw 12 million and 7.7 million victims respectively.

The Inverse Analysis

Under normal circumstances, the healthcare industry is already a prime target for hacking. As an industry, having quick access to information can make the difference between life and death, and it is not as always technically proficient as other industries. But the novel coronavirus makes these extraordinary times. Cyber-attacks against the crucial elements of healthcare infrastructure around the world will almost certainly continue. The only question is which will be the first one to succeed.