Suspicious cyberactivity targeting HHS tied to coronavirus response, sources say

The activity happened Sunday night, sources said.

The Department of Health and Human Services experienced suspicious cyberactivity Sunday night related to its coronavirus response, administration sources confirmed to ABC News Monday.

The suspicious activity HHS was not a hack but it may have been a distributed denial of service -- or DDOS -- attack, according to multiple sources.

The distinction is important because there was no apparent breach of the HHS system, which could interfere with critical functions of the lead agency responding to the coronavirus contagion. A DDOS effort enlists automated users -- called bots -- to overwhelm a public-facing system in order to slow it down or even paralyze it.

Officials believe any coordinated effort against HHS -- if there was one -- was not particularly successful and are satisfied that the system was not significantly affected.

Nevertheless, the concern is that foreign actors might attempt to exploit the COVID-19 crisis to achieve some of their anti-American goals.

PHOTO: The Department of Health and Human Services in Washington, D.C., Feb. 27, 2020.
The Department of Health and Human Services in Washington, D.C., Feb. 27, 2020.
The New York Times via Redux

“As federal state and local governments focus on handling the current public health crisis, national security officials are also tracking other threats -- in particular those posed by terrorist or extremist groups and foreign adversaries who may seek to take advantage of all of the attention being focused on the coronavirus and conduct an attack,” said John Cohen, a former acting Undersecretary of the Department of Homeland Security and contributor to ABC News.

At this point, analysts are trying to determine the origin of the activity targeting HHS. Officials have told Congress that the intelligence community fears that entities connected to Russia would try to use the current situation to sow even more chaos in the American public.

The FBI declined to comment.

“We are aware of a cyber incident related to the Health and Human Services computer networks and the federal government is investigating this incident thoroughly," NSC spokesman John Ullyot said in the statement. "HHS and federal government cybersecurity professionals are continuously monitoring and taking appropriate actions to secure our federal networks. HHS and federal networks are functioning normally at this time."

Intelligence and cyber officials are investigating to see if there is a connection to Sunday's messages saying there would be a national quarantine instituted, but as of now, they have not linked the two. The Cybersecurity and Infrastructure Security Agency (CISA), the Cyber Security arm of the Department of Homeland Security, is saying it is supporting its government partners, and is highlighting a number of steps that it's taken in previous weeks.

“CISA will continue to support our partners at HHS as they protect their IT systems," CISA spokesperson Sara Sendek said in a statement. "CISA has taken a number of steps over the last several weeks to increase cybersecurity preparedness across federal civilian agencies, including enhanced monitoring, issuing recommendations as agencies shift to telework, and identifying and protecting particularly important systems supporting COVID response efforts. We’re confident that the measures we’ve all put into place are sufficient, and we will stay on the lookout for and defend against malicious activity.”

“HHS has an IT infrastructure with risk-based security controls continuously monitored in order to detect and address cybersecurity threats and vulnerabilities. On Sunday, we became aware of a significant increase in activity on HHS cyber infrastructure and are fully operational as we actively investigate the matter. Early on while preparing and responding to COVID-19, HHS put extra protections in place. We are coordinating with federal law enforcement and remain vigilant and focused on ensuring the integrity of our IT infrastructure, HHS spokesperson Caitlin Oakley said in a statement.

The attack was first reported by Bloomberg.

This report was featured in the Tuesday, March 17, 2020, episode of “Start Here,” ABC News’ daily news podcast.

"Start Here" offers a straightforward look at the day's top stories in 20 minutes. Listen for free every weekday on Apple Podcasts, Google Podcasts, Spotify, the ABC News app or wherever you get your podcasts.

Related Topics