On October 1st, shortly after the launch of HealthCare.gov, a common talking point was that the Affordable Care Act was only suffering downtime because so many people were accessing it at once, and it was not able to handle the capacity.
I remember listening to the Diane Rehm show that day, and a caller called in, and actually blamed conservative groups for flooding the web site with traffic, with the intent of making it break. In hindsight, we know that HealthCare.gov crashed under its own weight, and not because of massive popularity.
But, the caller does raise an interesting issue. With the self-imposed deadline of December 1 rapidly approaching, I thought there are many conservative groups who are invested in the site not working. And, I can speculated that sites may try to flood Healthcare.gov with traffic, trying to get a Denial of Service attack.
So I googled Denial of Service attack. And what’s the fourth hit? Denial of Service Attack Healthcare.gov.
So apparently, others had this idea.HealthCare.gov has been targeted 16 times by cyber attacks. But this number was viewed as relatively low.
“The fact there was only 16 is surprising. Maybe those 16 are the documented ones,” he said of healthcare.gov. “Due to the fact there are consumers punching in personal identifying info, that makes it a very attractive target.”
During her testimony today, Stempfley said at least one of the attempts involved a Distributed Denial of Service (DDoS) attack, in which a hacker tries to flood a website with junk inquiries until it overloads and crashes the servers.
Stempfley said the DDoS attack did not succeed. However, she did not elaborate on the hacking techniques used in the other documented attempts and what, if any, damage was done.
I suspect HHS will be on red-alert for DOS attacks on Sunday. As it stands, the White House is “still urging people not to flood the website right away.”