Senator Pushes For HHS Cybersecurity Measures After Incident

Sen. Michael Bennet (D-Colo.) has pushed for a review of “all computer-based IT and network systems at the Department of Health and Human Services (HHS), Centers for Disease Control and Prevention (CDC), and the National Institute of Health” after reports of cyberactivity on March 15 on HHS’s networks. Sen. Bennet noted that these agencies are essential to the United States’ response to the COVID-19 pandemic, so their cybersecurity is important. He also reached out to the Director of the Cybersecurity and Infrastructure Security Agency (CISA) at the Department of Homeland Security (DHS) to help resolve the issue.

“Following reports of cyberactivity on Sunday, March 15, 2020, on the HHS computer system, I urge CISA to perform a comprehensive review of all computer-based IT and network systems at HHS, CDC, and NIH to identify and address any vulnerabilities now to limit exposure to future cyber incidents,” Sen. Bennet stated in the letter.

“We also urge you to work collaboratively to swiftly determine what additional resources and staff you may require to secure these critical networks. Finally, I urge agencies to establish contingency plans to ensure a robust and effective response to future cyber incidents. As this public health crisis continues, perhaps for several months, the security of these vital systems is critical to ensuring that our federal agencies responsible for public health can effectively support our response to the pandemic and continue to provide trusted and timely information to the American people.” 

The incident was what insiders called “a campaign of disruption and disinformation that was aimed at undermining the response to the coronavirus pandemic and may have been the work of a foreign actor.” The cyber incident overloaded HHS’s servers with millions of hits over the course of several hours, but it did not succeed in its intent because it did not significantly slow down the system. HHS gave assurances that there was no “penetration into” or “degradation of” its networks. In response, John Ullyot, National Security Council spokesperson, stated, “We are aware of a cyber incident related to the Health and Human Services computer networks, and the federal government is investigating this incident thoroughly. HHS and federal government cybersecurity professionals are continuously monitoring and taking appropriate actions to secure our federal networks.” On the same day as the incident, the National Security Council tweeted a warning about “fake” texts; officials believe these fake text messages were related to the HHS cyberattack.