U.S. intelligence agencies and the Department of Health and Human Services investigated the software used by Obamacare computer networks but did not discover malicious code from Belarus, the HHS’ top information official said on Monday.
“Yes we have done a thorough review and we have worked with the intelligence community on that,” said Kevin Charest, HHS chief information security officer.
Charest, speaking to reporters following a recent cyber attack drill held by HHS and several healthcare companies, also said the department has urged the millions of new subscribers to Obamacare to change passwords to avoid losing personal data to the Heartbleed security software vulnerability.
The Heartbleed vulnerability was discovered earlier this month as a flaw in encryption software called OpenSSL. Healthcare.gov networks could be affected by the bug because some elements use the content delivery network operated by Akamai Technologies, Inc., which uses OpenSSL.
Meanwhile, the FBI warned last week that hackers are continuing to step up cyber attacks against health care networks.
“Cyber actors will likely increase cyber intrusions against health care systems—to include medical devices—due to mandatory transition from paper to electronic health records, lax cybersecurity standards, and a higher financial payout for medical records in the black market,” the FBI said in a notice to private industry dated April 17.
The cyber attack exercise called CyberRX was conducted April 1. One of its scenarios included a simulated cyber attacks that resulted in a major news network posting large numbers of usernames and passwords for patients, doctors, and nurses in the U.S. healthcare industry. This exercise scenario stated that “Healthcare.gov has been compromised,” affecting government offices, hospitals and insurance companies, according to a report on the exercise.
The report concluded that companies that practice sharing information can better respond to real cyber strikes.
Full article: U.S. Intelligence, HHS Fail to Locate Foreign Malware Inside Obamacare Networks (Washington Free Beacon)