More organizations experienced multiple distributed denial of service (DDoS) attacks in the fourth quarter of 2015, which could spell trouble for healthcare cybersecurity measures, especially for cloud-based services.
According to Akamai’s quarterly State of the Internet: Security report, DDoS attacks are up by almost 40 percent across all industries since the third quarter of 2015. The total number of DDoS attacks in the fourth quarter of 2015 also represents a 148.85 percent increase in total DDoS attacks since last year.
During a DDoS attack, an outside party attempts to flood an organization’s systems using a myriad of connections to overwhelm the system. Since the hackers can use programs or bots to generate numerous attacks, organizations cannot simply block one IP address to keep a specific process from being shut down.
In terms of healthcare, DDoS attackers can shut down EHR and email systems, which could prevent providers from accessing or communicating critical patient information. There is also a significant risk that hackers can inappropriately access PHI through a DDoS incident.
Despite the recent increase in DDoS events, researchers reported that the average attack time decreased by 20.74 percent since the third quarter of 2015. The average duration for an attack was 14.95 hours.
The decrease in average duration may be attributed to an increase in stresser- and booster-based botnets used to launch attacks, which are typically for-hire tools that impose set time limits. These types of botnets employ reflection attack strategies and, unlike more traditional botnets, are not able to manage larger attacks.
“In the past, most DDoS attacks were based on infected bots and would last until the attack was mitigated, the malicious actor gave up, or the botnet was taken down,” wrote the authors of the report. “Instead of spending time and effort to build and maintain DDoS botnets, it is easier for attackers to use booster/stresser tools to exploit network devices and unsecured service protocols.”
These types of botnets may also be responsible for an increase in repeat attacks in the fourth quarter of 2015, stated the report. Researchers revealed that there was an average of 24 attacks per customer, which represented a substantial increase from 17 attacks per customer in the third quarter.
In addition to DDoS attacks, there was a 28.1 percent increase in web application attacks since the previous quarter. There were more attacks over HTTP (24.05 percent), HTTPS (24.05 percent), and SQLi (12.19 percent) compared to the third quarter.
Researchers stated that the healthcare and pharmaceutical industries account for only 0.07 percent of web application attack triggers, but that accounted for 317,664 total attack triggers.
While the healthcare industry was not one of the most affected fields, healthcare organizations should still understand the risks and consequences of a DDoS or web application attack, especially as EHRs and other medical services are becoming more cloud-based.
“It is likely that cloud providers will remain the biggest trouble spot unless they do more to improve their default system configuration security procedures,” explained the report.
Researchers noted that EHR data is particularly valuable to criminals because it can be used to commit financial identity fraud. Healthcare providers could be targeted more in the future.
Another study from Blue Coat Elastica Cloud Threat Labs reported that healthcare cloud security is still too low to adequately protect organizations from PHI breaches. Both studies agree that providers need more comprehensive healthcare cloud security measures to mitigate an attack, such as a DDoS incident.
Healthcare providers should also be aware that the main purpose of a DDoS attack is to disrupt a system and, generally, not to steal data. However, hackers can use a DDoS attack to distract a hospital while another healthcare data security incident takes place or extort organizations for access to systems.
Another major consequence of a successful DDoS attack on a healthcare organization is EHR or email downtime. Without patient data or secure communication methods, providers could be putting patient safety and information at risk.
As Akamai researchers explained, healthcare organizations should establish comprehensive cybersecurity measures that not only protect their systems from attack, but also back up critical information to ensure physician workflows are not disturbed by a data security incident.