On Thursday, the congressional staff was briefed by the Health and Human Services (HHS) about the systems of the HealthCare.gov website being breached and infected with malware by hackers in July.
The Attackers planted the malware in such the way that they are allowded to access the servers used for testing codes in websites, says Wall Street Journal.
However the breach occurred long back in July, it was just discovered recently on August 25th and an immediate investigation was deployed in order to determine the damage caused so far and prevent this from happening.
The malware was planted not only to steel informations but also for creating a denial of service condition against other websites.
Even if the incident affected a computer system not facing the Internet, it is connected to a network of computers that can be accessed online. Moreover, malware can spread across the network and reach machines that store highly sensitive information, especially in this case.
Bloomberg reports:The attacker gained access to the server due to improper protection measures that consisted only in a default password. Because it was a test system not connected to the Internet, the officials say that the attack was not targeted.
This incident shows the importance of security all over companies and industries, which should be strong enough to manage these attacks and in this case the security is weakest and the security breach was discovered later due to carelessness.