HHS saw increase in network scanning in midst of COVID-19 outreach

HHS saw an uptick in scanning, and U.S. officials are investigating.
Department of Health and Human Services (HHS)
(Flickr/<a href="">American Life League</a>)

The Department of Health and Human Services saw an increase in scanning of some of its network as the department continues to respond to the novel coronavirus outbreak, a source with knowledge of the matter tells CyberScoop.

Signs pointed, at most, to a failed distributed denial-of-service attack, a source told CyberScoop.

Bloomberg News was first to report on the incident.

“There was no data breach” as a result of the activity, nor was there any “degradation” of HHS networks, HHS Secretary Alex Azar said Monday at a press briefing on the novel coronavirus pandemic.


“In the previous 24 hours we saw a great deal of enhanced activity with relation to the HHS computer systems and website,” Azar said.

“Fortunately we have extremely strong barriers,” he said. “We had no penetration into our networks, we had no degradation of the functioning of our networks, we had no limitation of our capacity for people to telework.”

“The source of this enhanced activity remains under investigation, so I wouldn’t want to speculate on the source of it,” Azar added.

The department is a key piece of the government’s outreach during the novel coronavirus’s outbreak. Azar has been a leading Trump administration surrogate as the country moves to thwart the virus’s spread.

HHS had earlier Monday issued a statement: “HHS has an IT infrastructure with risk-based security controls continuously monitored in order to detect and address cybersecurity threats and vulnerabilities. On Sunday, we became aware of a significant increase in activity on HHS cyber infrastructure and are fully operational as we actively investigate the matter. Early on while preparing and responding to COVID-19, HHS put extra protections in place. We are coordinating with federal law enforcement and remain vigilant and focused on ensuring the integrity of our IT infrastructure.”


A National Security Council spokesperson, John Ullyot, told CyberScoop in a statement that HHS and federal networks are “functioning normally,” but that the federal government is investigating the HHS “cyber incident.”

“We are aware of a cyber incident related to the Health and Human Services computer networks and the federal government is investigating this incident thoroughly,” Ullyot said. “HHS and federal government cybersecurity professionals are continuously monitoring and taking appropriate actions to secure our federal networks. HHS and federal networks are functioning normally at this time.”

Shannon Vavra contributed to this report.

Latest Podcasts