Cyber Incident Victim: U.S. Department of Health and Human Services
Date:
Mar 2020
Location:
United States of America
Summary
The U.S. Department of Health and Human Services experienced a cyberattack involving server overload through millions of hits over several hours, intended to disrupt operations during the coronavirus response. Federal investigations suggested possible foreign involvement, though no network penetration, data theft, or significant system degradation occurred. Concurrent disinformation efforts included widespread fake text messages falsely claiming an impending national quarantine, which officials linked to the incident. Cybersecurity professionals maintained normal network functionality, implemented additional protections, and coordinated with law enforcement agencies to investigate the attack while ensuring IT infrastructure integrity.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March 16, 2020, the U.S. Department of Health and Human Services experienced a cyberattack during its COVID-19 pandemic response operations. The incident involved a sustained attempt to overload HHS servers with millions of malicious hits over several hours, constituting a distributed denial-of-service (DDoS) style attack aimed at disrupting critical systems. Federal officials characterized this as part of a broader campaign combining disruption attempts with disinformation efforts to interfere with the government's coronavirus response. While initial reports suggested possible foreign state involvement, the Trump administration had not officially attributed the attack at the time of disclosure. HHS Secretary Alex Azar confirmed during a White House briefing that the attack failed to penetrate agency networks or degrade system functionality, with departmental networks continuing to operate normally throughout the incident.
The cyber incident was detected on Sunday, March 15, when HHS cybersecurity teams observed a significant surge in activity targeting the agency's IT infrastructure. Caitlin Oakley, an HHS spokeswoman, stated the department had implemented additional protective measures in preparation for coronavirus response operations prior to the attack. Federal law enforcement agencies and the National Security Council immediately launched an investigation, with NSC spokesman John Ullyot confirming coordination between cybersecurity professionals across government agencies. Concurrently, unknown actors circulated false text messages and social media posts claiming President Trump would order a nationwide two-week quarantine, which the NSC publicly denounced as disinformation. Officials directly linked this disinformation campaign to the cyberattack on HHS systems, though no data exfiltration occurred. General Paul Nakasone of NSA and U.S. Cyber Command engaged in the investigation, while Secretary of State Mike Pompeo and other senior administration officials monitored the situation. HHS maintained full operational capacity throughout the incident and continued implementing enhanced security protocols as the federal response to both the cyberattack and pandemic evolved.