Former HHS CIO says the agency was hit with over 8 billion scan attacks during a DDOS attack in March 2020
Written by Dave Nyczepir
In 2020, the Department of Health and Human Services was hit by more than eight billion scan attempts over 18 hours in a distributed denial-of-service attack, according to the agency’s former chief information officer.
In an interview with FedScoop, José Arrieta said attackers waited for the agency to roll down its perimeter firewall and clear its cache — because the network was reloading about 50 million packets, slowing it down — to be able to access the department’s network.
HHS was hit with a serious DDOS-style attack on March 15, 2020, when malicious actors attempted to exploit the agency’s pandemic-driven shift to full teleworking to infiltrate its network.
“And when we did [lower the firewall], they were trying to embed themselves into the HHS network so they could exfiltrate data when we started full telecommuting,” Arrieta told FedScoop. “And we would have no visibility or understanding of whether it was normal remote work or if it was an enemy combatant actually trying to steal data.”
According to Arrieta, HHS’s network remained operational because the agency had already upgraded its firewalls, multi-site Trusted Internet Connections capacity, server capacity and Virtual Private Network capability for telecommuting.
Scanning attacks are used to collect network information for sophisticated cyber attacks. Commonly used scanning techniques to gather computer network information include IP address scanning, port scanning, and version scanning.
More details about the cyber threat HHS faced at the height of the coronavirus pandemic come after several former senior officials questioned key findings of a dismissed watchdog report on the cybersecurity of COVID-19 data analytics systems in place at the time.
Officials who spoke to that publication said the report, which was retracted by the HHS inspector general last month, failed to consider the speed with which agency leaders had to respond to the situation, the lack of high-quality data available, and the cybersecurity measures that the Office of the CIO introduced in response to the March 15 attack.
Two officials briefed on the investigation refuted its findings, saying the capabilities the technology quickly made available to senior medical decision-makers outweighed any potential cyber risks.
HHS did not respond to a request for comment.