The head of the Health and Human Services Department is assuring the public there was no penetration into the department’s systems following media reports of a “cyberattack” meant to slow the government’s response to the novel coronavirus.
“In the previous 24 hours we saw a great deal of enhanced activity with relation to the HHS computer systems and website,” HHS Secretary Alex Azar told reporters during a White House briefing Monday on the government’s management of the pandemic.
“Fortunately we have extremely strong barriers,” he said. “We had no penetration into our networks, we had no degradation of the functioning of our network, we had no limitation in our capacity for people to telework.”
Azar said he didn’t want to speculate on the nature of the perpetrators as officials are still investigating the matter. He said HHS has taken “very strong defensive action” and reiterated “there was no data breach or no degradation in terms of our ability to function and serve our important mission here.”
An HHS spokesperson earlier in the day told reporters the department had upped protections in place against cyber threats in the wake of the coronavirus.
“Early on while preparing and responding to COVID-19, HHS put extra protections in place,” HHS spokesperson Caitlin Oakley said.
Officials were responding to a Bloomberg report of a “cyberattack” that occurred Sunday. Unnamed officials in the report said foreign actors were suspected. The article said the attack was meant to slow down operations during the government’s response to COVID-19.
“HHS has an IT infrastructure with risk-based security controls continuously monitored in order to detect and address cybersecurity threats and vulnerabilities,” Oakley said. “On Sunday, we became aware of a significant increase in activity on HHS cyber infrastructure and are fully operational as we actively investigate the matter.”
Oakley said HHS remains vigilant and is coordinating with federal law enforcement, in addition to the Cybersecurity and Infrastructure Security Agency.
“We’re confident that the measures we’ve all put into place are sufficient, and we will stay on the lookout for and defend against malicious activity,” CISA spokesperson Sara Sendek told reporters. “CISA will continue to support our partners at HHS as they protect their IT systems.”
CISA might have some significant challenges looming.
“CISA has taken a number of steps over the last several weeks to increase cybersecurity preparedness across federal civilian agencies,” Sendek said, “including enhanced monitoring, issuing recommendations as agencies shift to telework, and identifying and protecting particularly important systems supporting COVID response efforts.”