Hacker breaches HealthCare.gov but steals no data

A hacker broke into part of the government insurance enrollment website in July and uploaded malware, federal officials say. The intrusion was discovered last week by a government security team who said that no personal information was taken and that they boosted the site's security.

The Wall Street Journal: Hacker Breached Healthcare.gov Insurance Site
A hacker broke into part of the HealthCare.gov insurance enrollment website in July and uploaded malicious software, according to federal officials. Investigators found no evidence that consumers' personal data were taken or viewed during the breach, federal officials said. The hacker appears only to have gained access to a server used to test code for HealthCare.gov, the officials said (Yadron, 9/4).

The New York Times: Hackers Breach Security Of Healthcare.gov
Hackers breached security at the website of the government's health insurance marketplace, HealthCare.gov, but did not steal any personal information on consumers, Obama administration officials said Thursday (Pear and Perlroth, 9/4).

The Washington Post: Healthcare.gov Server Hacked But HHS Says No Consumer Information Taken
A portion of the Healthcare.gov website was breached in July when hackers uploaded malicious software to a test server, government officials said Thursday. The intrusion was discovered last week by the security team at the Centers for Medicare and Medicaid Services, a unit of the Department of Health and Human Services. "Our review indicates that the server did not contain consumer personal information; data was not transmitted outside the agency, and the website was not specifically targeted," HHS said in a written statement. "We have taken measures to further strengthen security." The incident was first reported by the Wall Street Journal (Peterson and Millman, 9/4).

The Associated Press: Hackers Break Into Healthcare.gov
Hackers successfully breached HealthCare.gov, but no consumer information was taken from the health insurance website that serves more than 5 million Americans, the Obama administration disclosed Thursday. Instead, the hackers installed malicious software that could have been used to launch an attack on other websites from the federal insurance portal (9/4).

Politico: GOP Chorus Attacks Obamacare Over Healthcare.gov Hack
Although no personal, financial or health data were compromised in the attack, which may not even have been aimed specifically at HealthCare.gov, the hacker implanted a bug that appears to have gone undetected for six weeks. Republicans in Congress had long warned of security breaches of the site, as had cybersecurity experts familiar with its workings (Norman, 9/4).

McClatchy: Hacker Breached Healthcare.gov; No Personal Information Was Compromised
An unknown computer hacker infiltrated the HealthCare.gov website last month in what appears to be the system's first security breach. After being alerted by computer security equipment on August 25, HHS investigators found malicious files on a test server that supports the federal health insurance marketplace (Pugh, 9/4).

Fox News: Issa Says HHS Official 'Must Testify' After Obamacare Website Hacked
House Oversight and Government Reform Committee Chairman Darrell Issa is demanding a key ObamaCare official testify before his committee after the Obama administration revealed Thursday hackers have successfully breached HealthCare.gov. Issa, R-Calif., said in a statement that Marilyn Tavenner, the administrator for the Centers for Medicare and Medicaid Services, "must testify" before his committee on Sept. 18 to discuss "transparency, accountability, and information security" regarding the federal ObamaCare website (9/4).

Reuters: Hackers Break Into Server For Obamacare Website: U.S. Officials
An unknown hacker or hackers broke into a computer server supporting the HealthCare.gov website through which consumers enroll in Obamacare health insurance, a government cybersecurity team discovered last week, apparently uploading malicious files. The Centers for Medicare and Medicaid Services, the lead Obamacare agency, briefed key congressional staff on Thursday about the intrusions, the first of which occurred on July 8, CMS spokesman Aaron Albright said. The malware uploaded to the server was designed to launch a distributed denial of service, or DDoS, attack against other websites, not to steal personal information, Albright said. In a DDoS, Internet-connected computers are so overwhelmed by malware attempting to communicate with their website that, unable to handle legitimate requests, they crash (Begley, 9/4).