Attackers behind CMS portal breach used legit accounts to swipe data
The attackers responsible for a breach of an online portal run by the Centers for Medicare and Medicaid Services last month did so by taking advantage of lax privileges given to legitimate accounts, CyberScoop has learned. In October, CMS announced that hackers obtained data on 75,000 people from a portal used by health insurance agents and brokers assisting people with direct enrollment in the government’s health insurance exchanges. On an internal briefing call held Wednesday at the Department of Health and Human Services, Acting CMS CIO Rajiv Uppal updated agency IT officials with more details on the breach. The details of that call were shared with CyberScoop. Uppal said the breach happened after 45 portal accounts were discovered to be conducting millions of searches in order to pull information from the database. From those searches — which included names, birthdates and the last four digits of Social Security numbers — attackers […]
The post Attackers behind CMS portal breach used legit accounts to swipe data appeared first on Cyberscoop.
Continue reading Attackers behind CMS portal breach used legit accounts to swipe data