Kudos to Federal Times, who obtained a tremendous amount of data from HHS about security incidents involving their component systems. Aaron Boyd reports on their analysis of data, which was obtained through a Freedom of Information request. The analyses look at types of attacks by components of HHS. Here’s some of their analysis and findings:
The records — which include a tally of security incidents reported by HHS components between January 2013 and September 2015 — provide a very high-level view of the challenges the department faces. On the whole, HHS reported 26,381 incidents over a 30-month period: 40 percent of which were categorized as unauthorized access; 14 percent as scans, probes or attempted access; and 12 percent as malicious code.
But certain trends become apparent after parsing the data.
For instance, over that time period, CMS reported 7,600 incidents of unauthorized access, a category the National Institute of Standards and Technology defines as “a person [gaining] logical or physical access without permission to a network, system, application, data or other IT resource.” These incidents — accounting for 56 percent of all reported incidents — could signal a network breach by a malicious actor. More often than not though, such incidents are merely an employee or contractor accessing a system outside the scope of their work. That’s a violation of protocol perhaps, but not malicious.
In contrast, CMS only discovered 250 instances of malicious code embedded in its systems, the lowest among the major incident categories reported, accounting for less than 2 percent of its total reported incidents. The majority of HHS components followed this same track, though not to the same extreme.
CDC and NIH were exceptions. For both, malware stood as a predominant threat vector.
Read more on Federal Times. Then see their follow-up, where they make the data publicly available for download and for your own analyses. You can also create your own data visualization using DataWrapper.de.