Politics & Government

Hacker breached HealthCare.gov; no personal information was compromised

Washington - An unknown computer hacker infiltrated the HealthCare.gov website last month in what appears to be the system's first security breach.

After being alerted by computer security equipment on August 25, HHS investigators found malicious files on a test server that supports the federal health insurance marketplace.

The malware was designed to initiate a "denial of service" attack against other undetermined websites, but officials at the Department of Health and Human Services said the threat was blocked and there's no evidence to suggest consumers' personal information was compromised.

"Our review indicates that the server did not contain consumer personal information; data was not transmitted outside the agency, and the website was not specifically targeted. We have taken measures to further strengthen security,” said HHS spokesman Kevin Griffis.

The HHS Office of Inspector General and the department's Computer Security Incident Response Center responded to the incident along with the U.S. Computer Emergency Readiness Team from the Department of Homeland Security. The IP address of the computer that launched the attack was blocked by the security team and the affected server was decommissioned.

Officials don't believe HealthCare.gov was the intended target of the attack because the person or persons responsible allegedly probed several government and private-sector sites looking for vulnerabilities. No other HHS computers were breached.

The attack remains under investigation by the FBI, DHS and others.

Officials said the incident will not affect the upcoming 2015 open enrollment period, which begins in November.