The Department of Health and Human Services found common malware on a testing server used for development of HealthCare.gov that is reportedly designed for use in denial of service attacks, heightening scrutiny for the department ahead of the healthcare enrollment season this fall.
The Centers for Medicare and Medicaid noticed unusual server traffic on one of its testing servers in late August – a server that it says that did not contain consumer personal information. That led to the discovery of a kind of malware that’s used to flood a web server with request to take it offline. CMS said HealthCare.gov had not been targeted, but that the malware had been on the server since early July.
CMS said it has taken measures to increase security of the site, but the report has opened a new front for attack on the department and the healthcare law as enrollment approaches. The chair of the House Oversight and Government Reform Committee, Darrell Issa, R-Calif., plans a hearing next week.
