- The Washington Times - Thursday, September 4, 2014

Federal government officials say that HealthCare.gov was hacked over the summer. The Department of Health and Human Services, which discovered the attack last week, found malicious software uploaded to the site.

“Our review indicates that the server did not contain consumer personal information; data was not transmitted outside the agency, and the website was not specifically targeted,” the Department of Health and Human Services said in a written statement, the Wall Street Journal reported Thursday. “We have taken measures to further strengthen security.”

Officials told the newspaper that White House and Congressional staff have been briefed, and that The Department of Homeland Security, Federal Bureau of Investigation and National Security Agency are part of an ongoing investigation.


SEE ALSO: Russian hackers unleash blizzard of spam in response to sanctions


“There is no indication that any data was compromised at this time,” DHS spokesman S.Y. Lee said in a written statement, the Journal reported. “DHS will continue to monitor the situation and help develop and implement precautionary mitigation strategies as necessary.”

The FBI said the attack originated overseas in July, but the agency does not believe the security breach was the work of a state-sponsored hacker. The suspect is believed to have entered the HealthCare.gov network through a basic security flaw; the server accessed was not meant to be connected to the Internet, the Journal reported.

“There was a door left open,” an official told the paper.

An official with DHS told the Journal that “if this happened anywhere other than HealthCare.gov, it wouldn’t be news.”

Congressman Diane Black, R-Tenn., released a statement on Thursday saying that the “vast amount of personal information that Americans are required to put into this site is an open invitation for hackers.” She added that while HHS said it does not believe sensitive data was stolen, the department “would be under no obligation to disclose if sensitive personal information were breached.”

The congressman then urged the Senate to take up the Health Exchange Security and Transparency Act, which passed the House earlier in the year.