Officials said Thursday they will strengthen security for the federal health insurance enrollment site, HealthCare.gov, after they discovered a hacker had broken into a server and installed malicious software in July.
"Today, we briefed key Congressional staff about an intrusion on a test server that supports HealthCare.gov. Our review indicates that the server did not contain consumer personal information; data was not transmitted outside the agency, and the website was not specifically targeted. We have taken measures to further strengthen security," a spokesman for the Department of Health and Human Services said.
So far, millions of Americans have used the website to sign up for insurance under the Affordable Care Act, submitting personal information including their social security numbers, income and names of family members. More are expected to sign up when open enrollment begins Nov. 15, and officials said the security breach will not impact enrollment.
The hacker appeared to have accessed a server with low-level security used to test code on the site, the Wall Street Journal reported. The malware installed was meant to be part of a larger denial of service attack on other sites, and a number of private sector and other government sites were also targeted by the cyberattack.
Officials discovered the malware last week after investigating the site's security logs. The department, as well as Homeland Security and the FBI, determined the breach did not extend to other parts of the website and no information had been transmitted.