Hackers successfully accessed a HealthCare.gov server in July and were able to upload malicious software, HHS disclosed Thursday. The breach was discovered last week during a manual review of the website's security logs.
The breached server was only used for testing, meaning none of the more than 5 million Americans with personal information on the website's servers was affected by the incident, HHS told The Wall Street Journal, which broke the story. Because the server did not contain consumer information, security settings were lower on that server than on other servers, according to the report. Federal investigators are also unsure if the hacker intended to target the insurance exchange marketplace, as the software uploaded to the server was designed to launch attacks on other websites rather than gather information from its host.
"Our review indicates that the server did not contain consumer personal information; data was not transmitted outside the agency and the website was not specifically targeted," HHS said in a written statement, according to the Journal. "We have taken measures to further strengthen security."
The breach has renewed concerns about the security of the website. "The vast amount of personal information that Americans are required to put into this site is an open invitation for hackers," said Rep. Diane Black (R-Tenn.), in a statement urging the passage of a law that would require HHS to disclose future HealthCare.gov breaches that result in stolen information.
HHS does not believe the breach will affect the upcoming open enrollment period, which begins Nov. 15.
More articles on HealthCare.gov:
7 healthcare controversies to watch for Midterms 2014
Will the next open enrollment period for the PPACA exchanges be any easier?
CMS establishes PPACA plan auto-renewal process