server hacked

A government security team last month found malware on a Health and Human Services (HHS) server that supports the Obamacare website, HHS confirmed to CBS News on Thursday.

The commonplace malware was designed to launch "denial of service" attacks against other websites, HHS said, and there is no evidence any consumers' personal information was sent to any external IP address. The attack did not appear to directly target, and the server that was targeted did not contain any consumers' personal information.

HHS on Thursday briefed congressional staff about the breach, which happened in July and was discovered on August 25 during a routine review of security logs, according to the Wall Street Journal. The hacker was traced to a foreign IP address but is not believed to be a state actor, according to an HHS official.

After the breach was discovered, HHS leadership and the HHS Office of the Inspector General (the agency's independent watchdog) were quickly notified about it. The Department of Homeland Security and U.S. Computer Emergency Readiness Team (U.S.-CERT) helped respond to the hack.

"We have taken measures to further strengthen security," HHS said in a statement to CBS News. The hacked server has been disconnected, and there is no evidence that the intrusion took place on other HHS servers.

Government officials are still investigating the hack. In the meantime, HHS is conducting a comprehensive review of security improvements and said that it is taking "proactive steps" to protect the

Millions of Americans in the past year signed up for health insurance plans through, after submitting personal information like Social Security numbers and financial information to the website.

The 2015 open enrollment period begins on November 15, but HHS said that the hack should have no impact on that.

The all new
CBS News App for Android® for iPad® for iPhone®
Fully redesigned. Featuring CBSN, 24/7 live news. Get the App