Hackers Attack Health and Human Services Computer System

WASHINGTON — A crude effort by hackers to test the defenses of computer systems for the Department of Health and Human Services on Sunday evening escalated Monday, with administration officials saying they were investigating a significant increase in activity on the department’s cyberinfrastructure.

But officials backed off earlier suggestions that a foreign power was behind the attack, coming as the nation and the world struggle to cope with the coronavirus.

The incident appeared to be a particularly aggressive, if somewhat conventional, effort to scan the department’s networks for vulnerabilities, and perhaps to try to break into its email system. But while the effort set off alarms, given sensitivities around the work on the coronavirus, officials said they could not determine whether the action was the result of foreign actors or just hackers seizing on the moment to create chaos.

The first reports came from White House officials, some of whom said that Iran may have been seeking revenge for American-led sanctions or for the U.S. drone strike in Iraq that killed Maj. Gen. Qassim Suleimani, the country’s most important military commander.

While some officials embraced that view, cyberexperts who examined the incident said it was little different than the thousands of routine attempts that companies and government agencies fend off daily, as hackers and security researchers scan the internet for weak spots.

The secretary of health and human services, Alex M. Azar II, told reporters at a news conference with President Trump on Monday that whatever happened had been unsuccessful.

“Fortunately we have extremely strong barriers,” he said. “We had no penetration into our networks. We had no degradation of the functioning of our networks. We had no limitation of our capacity for people to telework.”

Yet the incident rattled some senior officials, because it underscored how networks they have long ignored may be critical to the coronavirus response. Drug makers, hospitals, the Centers for Disease Control and Prevention, and supply chains for medical goods have now become part of the nation’s critical infrastructure, along with power grids and election systems.

Two officials said government experts, from the Department of Homeland Security’s Cyber Infrastructure and Security Agency and from intelligence agencies, were trying to find out the source of the incidents, and who was behind the attempted hack.

One official said there was some intelligence that could be interpreted as indications that the hack was linked to Iran, but no evidence was cited. Others said there were many other possible explanations. One official said the intelligence so far was very thin and could point to many suspects, not all of them foreign.

Even so, in a White House packed with officials who are hawkish on Iran, the intelligence was seized upon by some as likely indicating an attack from Tehran.

At the same time, there are growing concerns about a torrent of misinformation affecting everyone from officials at the White House to doctors on the front lines combating the virus.

At emergency rooms in Los Angeles, doctors say they are trying to weed out truth from fiction on social media about how to diagnose coronavirus cases in the absence of tests, and under what circumstances they need to wear protective gear. They say they are spending a disproportionate amount of time scanning social media, trying to gather whatever information they can from anonymous posts by doctors in Seattle, New York and even Italy.

“Right now, we are flying blind, sharing snippets from anonymous doctors over Facebook and Twitter,” said Jennifer Ellice, an emergency room doctor in Los Angeles. “We can’t wait for the usual evidence-based, peer-reviewed data in journals and professional association guidelines.”

Dr. Ellice and her colleagues were pleading Monday for a technological platform, such as a mobile app, that could validate and authorize licensed physicians to share real-time information that would, for example, tell them whether emergency room patients showing extreme gastrointestinal distress may be stricken with the coronavirus.

“We are making policy decisions by word of mouth,” Dr. Ellice said.

Doctors say they were wading through misinformation — what World Health Organization officials call an “infodemic” of lies and rumors — in search of real-time information from doctors around the country.

One of the challenges of sharing real-time medical information is the Health Insurance Portability and Accountability Act, the federal regulations protecting patients’ confidential health information. The other is strict hospital policies on what employees can post on social media. As a result, doctors have been posting anonymously on Twitter and Facebook.

As government officials tried to make sense of the unsuccessful intrusions at the Department of Health and Human Services, they were bracing for more serious cyberattacks and online threats.

Over the past week, a series of fake websites for the World Health Organization and the C.D.C. have started to appear. Security researchers say they are witnessing nation-state hackers in China, as well as Eastern European cybercriminals, exploit the coronavirus panic with so-called phishing attacks. In those attacks, malware-laden updates about the coronavirus, or interactive infection maps, are sent out to employees at government agencies and across the private sector.

As of Friday, the phishing campaigns were limited to countries in Asia, but security researchers worry that as infections spread in the United States, so too will hackers ready to exploit nationwide anxiety for their own motivations.

“This is broader than a nation-state issue,” said Adam Meyers, the head of threat intelligence for CrowdStrike, a cybersecurity company. “The American public is beside themselves buying toilet paper. The big concern is criminals will exploit their fears for account fraud, wire fraud and ransomware.”

David E. Sanger and Matthew Rosenberg reported from Washington, and Nicole Perlroth from Palo Alto, Calif.

Continue reading at New York Times