
DDoS Attacks Continue to Threaten Healthcare Cybersecurity

HC3’s latest brief shed light on the threat of Distributed Denial of Service (DDoS) attacks on healthcare cybersecurity, noting that they may have “detrimental impact on the ability to provide care.”


By Jill McKeon

Distributed Denial of Service (DDoS) attacks are a major threat to healthcare cybersecurity, as exemplified by the ongoing cyberattack tactics of KillNet, a pro-Russian hacktivist group that has been actively targeting the US healthcare sector.

DDoS attacks “have the potential to deny healthcare organizations and providers access to vital resources that can have detrimental impact on the ability to provide care,” the Health Sector Cybersecurity Coordination Center warned in its latest analyst note.

“In healthcare, disruptions due to a cyber-attack may interrupt business continuity by keeping patients or healthcare personnel from accessing critical healthcare assets such as electronic health records, software-based medical equipment, and websites to coordinate critical tasks.”

By definition, DDoS attacks flood a victim’s network with traffic, rendering network resources unusable. Often, DDoS attacks serve as a distraction while bad actors deploy more sinister malware on their victim’s network.

“In the early reconnaissance stage, threat actors use it to test an organization’s preparedness to respond to an initial attack and to cover up activities such as port scanning,” HC3 explained.

“Threat actors may then use it to produce extraneous forensic logs and data files at the weaponization or malware delivery stage, and then to make identification and eradication of planted malware challenging. At the data extraction stage, it will be used as a diversionary tactic to conceal exfiltration of confidential data.”

DDoS attacks require few technical skills and resources and are very cost-effective, making them an enticing tactic for threat actors. In addition, the increasing number of insecure internet-connected devices makes DDoS attacks even easier to execute.

“The healthcare sector can more effectively defend against the potential impact of a DDoS attack by taking methodical inventory of critical assets, and to prepare contingency plans for a variety of circumstances in which those assets may come under attack from a determined threat actor,” HC3 recommended.

“Healthcare organizations should prioritize identifying services and devices that may be exposed to the public internet, vulnerabilities, and how a user base connects to networks.”

Healthcare entities should prepare for DDoS attacks by documenting internet-facing and IT infrastructure assets and developing a reliable incident response plan. The analyst note contains a detailed overview of assessment and mitigation tactics that healthcare organizations can leverage to manage risk.