The cyber-attack was first reported Monday morning by Bloomberg, which said the attack had been intended to slow the health agency’s response time to the COVID-19 outbreak.
Later in the morning, administration sources confirmed to ABC News that the cyber-assault targeting HHS was not a hack but a distributed denial of service — or DDOS — attack. There is an important distinction between a DDOS and a cyber-attack. With a DDOS attack, there was no apparent breaching of the HHS system, which is good.
Instead, the DDOS effort apparently had automated users called bots – trying to overwhelm the public-facing HHS system in order to slow it down or even paralyze it.
“We are aware of a cyber incident related to the Health and Human Services computer networks and the federal government is investigating this incident thoroughly,” John Ullyot, spokesperson for the White House National Security Council (NSC), said in a statement, according to The Hill.
Text message rumors of a national #quarantine are FAKE. There is no national lockdown. @CDCgov has and will continue to post the latest guidance on #COVID19. #coronavirus
— NSC (@WHNSC) March 16, 2020
“HHS and federal government cybersecurity professionals are continuously monitoring and taking appropriate actions to secure our federal networks. HHS and federal networks are functioning normally at this time.”
“As federal state and local governments focus on handling the current public health crisis, national security officials are also tracking other threats — in particular those posed by terrorist or extremist groups and foreign adversaries who may seek to take advantage of all of the attention being focused on the coronavirus and conduct an attack,” said John Cohen, a former acting Undersecretary of the Department of Homeland Security and contributor to ABC News.