Last week, we discussed the tendencies of hackers to strike where they can cause the most chaos, taking advantage of the socioeconomic disruptions caused by COVID-19. This week, we investigate a breach in federal security, and why in today’s world, cybersecurity is more than a precaution.
The U.S. Department of Health and Human Services faced queries from all sides when Bloomberg News reported a cyberattack on HHS’s systems on March 15th. According to Bloomberg, no data was stolen, and the hackers were aiming to slow the department’s functionality.
In the aftermath of the attack, HHS spokesperson Caitlin Oakley assured the press that they were “fully operational” and in the process of investigating the incident. The agency later clarified there had been no data leak, and HHS systems were able to continue functioning normally.
The Cybersecurity and Infrastructure Protection Agency (CISA) has stepped in to assist HHS in responding to the cyberattack as HHS secures its IT systems. This comes on the heels of questions regarding federal cybersecurity measures, and the damages that occur when certain agencies neglect to keep up with the latest developments in security.
Covering Their Bases
Early on in preparations to respond to COVID-19, the HHS established extra data protections for their systems. At the time of the attack, they experienced no degradation, but did note significantly increased activity in their cyber infrastructure.
This incident developed early on in the COVID pandemic, at which point CISA had already implemented heightened measures of cybersecurity preparedness across various federal agencies. Response efforts included enhanced monitoring, issuing recommendations for those agencies transitioning to telework, and identifying key systems to protect from increased security threats.
The HHS hackers’ true motivations remain uncertain, but as we addressed last week, cyberattacks in times of social upheaval are often meant to contribute to a mounting sense of disorientation and futility. In turn, when agencies address issues of cybersecurity, it speaks to prioritizing stability and responding to those who want to kick the world while it’s down.
The coming weeks will be a critical period for federal agencies to strengthen their security measures and prepare for the increased risks that come with higher traffic. CISA’s mandates will continue to address the developing cybersecurity situation, but it remains up to agency officials to implement these new standards.
Cyberattackers may be taking advantage of corporations in disarray due to COVID, but by remaining vigilant and taking the right precautions, your organization can set an example for the industry in a time of uncertainty.
Our Fully Remote Audit incorporates a decade of experience, proven successes, and a repertoire of supplemental approaches customized for your audit’s environment that include video/teleconferencing, the collection of digital media to perform interviews, observations, and walkthroughs, and a full set of documentation and deliverables.
If the HHS incident proves anything, it’s that this isn’t the time to fall behind—so your organization also has the option to partner with us and lock in your desired audit dates for this calendar year. Whether working with us or another firm, we encourage you to schedule as soon as possible to ensure you meet your regulatory deadline.
To learn more, feel free to contact us.