FBI Investigating HHS Cyberattack

FBI Investigating HHS Cyberattack
FBI Investigating HHS Cyberattack

The FBI Investigating HHS Cyberattack During Coronavirus Crisis

The AP reported that Attorney General William Barr has announced that the FBI is investigating the HHS Cyberattack that took place on March 16, 2020 for the involvement of foreign governments.  The incident that was originally reported on Sunday March 16, 2020 by Bloomberg, involved a cyberattack on the Department of Health and Human Services (HHS).  The attack attempted to launch disruptive information and impede the agency’s response.  Fortunately, the attempt failed to penetrate the network.  The HHS  was continually monitoring the infrastructure and detected a significant increase in activity.

Government Cybersecurity Preparedness

Government agencies are attractive targets for cyberattacks.  In 2018 President Trump signed into law the creation of the Cybersecurity and Infrastructure Security Agency to bolster the government’s capacity to defend against cyberattacks.  The HHS along with other agencies have been slow to implement improvements to its IT infrastructure.  The Government Accountability Office report issued in February of 2020 states that all but two federal agencies had failed to “effectively monitor the implementation of a voluntary cybersecurity framework”.  The HHS was among those criticized.  The agency did however replace its cybersecurity operation with the HHS-DHS Health Cybersecurity Coordination Center.  It may well be because of this change that this crisis was averted.

Health Industry Preparedness

The HHS published Health Industry Cybersecurity Practices (HICP) to move health providers towards effective practices to protect important and sensitive data.  This information is provided in two volumes, one for small health care organizations and another for medium to large providers.  This effort is well designed but its implementation is difficult to assess.  This is due to the fact that there is no mandate for companies to their information to the government.  Based on a general survey of business cyber preparedness most U.S. companies are not ready to protect critically sensitive data.

CVG Strategy Cybersecurity

CVG Strategy cybersecurity experts are committed to helping businesses attain effective cybersecurity programs.  We can help you implement ISO 27001 Information Security Management Systems to develop a scalable solution to protect your valuable data.  Contact Us today to see how we can help