Suspicious cyberactivity targeting HHS tied to coronavirus response, sources say

The activity happened Sunday night, sources said.

The suspicious activity HHS was not a hack but it may have been a distributed denial of service -- or DDOS -- attack, according to multiple sources.

The distinction is important because there was no apparent breach of the HHS system, which could interfere with critical functions of the lead agency responding to the coronavirus contagion. A DDOS effort enlists automated users -- called bots -- to overwhelm a public-facing system in order to slow it down or even paralyze it.

Officials believe any coordinated effort against HHS -- if there was one -- was not particularly successful and are satisfied that the system was not significantly affected.

Nevertheless, the concern is that foreign actors might attempt to exploit the COVID-19 crisis to achieve some of their anti-American goals.

At this point, analysts are trying to determine the origin of the activity targeting HHS. Officials have told Congress that the intelligence community fears that entities connected to Russia would try to use the current situation to sow even more chaos in the American public.

The FBI declined to comment.

“We are aware of a cyber incident related to the Health and Human Services computer networks and the federal government is investigating this incident thoroughly," NSC spokesman John Ullyot said in the statement. "HHS and federal government cybersecurity professionals are continuously monitoring and taking appropriate actions to secure our federal networks. HHS and federal networks are functioning normally at this time."

Intelligence and cyber officials are investigating to see if there is a connection to Sunday's messages saying there would be a national quarantine instituted, but as of now, they have not linked the two. The Cybersecurity and Infrastructure Security Agency (CISA), the Cyber Security arm of the Department of Homeland Security, is saying it is supporting its government partners, and is highlighting a number of steps that it's taken in previous weeks.

“CISA will continue to support our partners at HHS as they protect their IT systems," CISA spokesperson Sara Sendek said in a statement. "CISA has taken a number of steps over the last several weeks to increase cybersecurity preparedness across federal civilian agencies, including enhanced monitoring, issuing recommendations as agencies shift to telework, and identifying and protecting particularly important systems supporting COVID response efforts. We’re confident that the measures we’ve all put into place are sufficient, and we will stay on the lookout for and defend against malicious activity.”

“HHS has an IT infrastructure with risk-based security controls continuously monitored in order to detect and address cybersecurity threats and vulnerabilities. On Sunday, we became aware of a significant increase in activity on HHS cyber infrastructure and are fully operational as we actively investigate the matter. Early on while preparing and responding to COVID-19, HHS put extra protections in place. We are coordinating with federal law enforcement and remain vigilant and focused on ensuring the integrity of our IT infrastructure, HHS spokesperson Caitlin Oakley said in a statement.

The attack was first reported by Bloomberg.

This report was featured in the Tuesday, March 17, 2020, episode of “Start Here,” ABC News’ daily news podcast.

"Start Here" offers a straightforward look at the day's top stories in 20 minutes. Listen for free every weekday on Apple Podcasts, Google Podcasts, Spotify, the ABC News app or wherever you get your podcasts.

Top Stories

Top Stories

Top Stories

Top Stories

ABC News Live

ABC News Live

24/7 coverage of breaking news and live events