Healthcare Information Security


DoS, DDoS Attack Prevention Measures for Covered Entities

OCR highlights key DoS and DDoS attack prevention measures for healthcare organizations in its recent cybersecurity newsletter.

By Elizabeth Snell

As healthcare continues to adopt Internet of Things (IoT) technology, denial-of-service (DoS) and distributed denial-of-service (DDoS) attack prevention measures are becoming more prevalent, according to the latest cybersecurity newsletter from the Office for Civil Rights (OCR).

US-CERT DDoS attack prevention measures can be used by healthcare organizations

Healthcare can use IoT in several ways, including allowing healthcare facilities to monitor medical devices, patients, and personnel, OCR explained.

Furthermore, citing data from US-CERT, OCR discussed how a DoS or DDoS attack could affect a healthcare provider.

“An attacker may be able to deter patients or healthcare personnel from accessing critical healthcare assets such as payroll systems, electronic health record databases, and software-based medical equipment (MRI, EKGs, infusion pumps, etc.),” OCR said for DoS attacks.

With DDoS attacks, attackers may use one computer system to attack another. This is one area where healthcare could be affected, as it continues to push interoperability and use new technologies.

“The attacker may hijack or take control of a computer, forcing the computer to send out huge amounts of illegitimate data traffic to particular websites or send spam to particular email addresses,” the newsletter stated. “The attacker can also control multiple computers with malicious software (also known as botnets) to launch a DoS attack.”

While a service disruption does not necessarily mean an attack, OCR still highlighted key warning signs from US-CERT that an organization may in fact be experiencing a DoS or DDoS attack:

  • Unusually slow network performance (opening files or accessing websites)
  • Unavailability of a particular website
  • Inability to access any website
  • Dramatic increase in the amount of spam you receive in your account

Covered entities and business associates should consider numerous methods for preventing a potential DoS or DDoS attack, according to US-CERT.

For example, organizations should continuously monitor and scan for vulnerable and compromised IoT devices on their networks. Entities should also adhere to the necessary remediation actions.

Password management policies and procedures for devices and their users should also be implemented and adhered to. All default passwords need to be switched to strong passwords, OCR noted, as default usernames and passwords for most devices can be found online.

Anti-virus software and updated security patches should also be installed and properly maintained. Installing patches once they become available is a critical step. Additionally, a firewall that is configured to restrict traffic from entering and leaving the network and its systems is an important prevention measure.

Networks need to be segmented when it is appropriate, OCR explained. Appropriate security controls must also be applied so access can be controlled across all segments.

Applying email filters can also help healthcare organizations manage unwanted traffic, and can be a useful step in creating good security practices for distributing email addresses.

OCR also listed the following prevention measures from US-CERT that healthcare organizations can utilize:

  • Disable Universal Plug and Play (UPnP) on routers unless absolutely necessary
  • Look for suspicious traffic on port 48101. Infected devices often attempt to spread malware by using port 48101 to send results to the threat actor
  • Monitor Internet Protocol (IP) port 2323/TCP and port 23/TCP for attempts to gain unauthorized control over IoT devices using the network terminal (Telnet) protocol.  
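
The port monitoring in the list above can be run over flow records, as in this added example (not from OCR, US-CERT, or the article). The CSV layout, the internal address range, the scan threshold, and the sample records are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample flow records (not real traffic): time,src,dst,proto,dport
SAMPLE_FLOWS = """\
2016-12-01T10:00:01,203.0.113.7,10.20.0.15,tcp,23
2016-12-01T10:00:02,203.0.113.7,10.20.0.16,tcp,2323
2016-12-01T10:00:03,203.0.113.7,10.20.0.17,tcp,23
2016-12-01T10:00:09,10.20.0.16,198.51.100.9,tcp,48101
2016-12-01T10:00:12,10.20.0.40,10.20.0.41,tcp,443
2016-12-01T10:00:15,10.20.0.16,10.20.0.50,tcp,23
2016-12-01T10:00:20,10.20.0.30,10.20.0.31,udp,23
"""

TELNET_PORTS = {23, 2323}  # 23/TCP and 2323/TCP from the US-CERT list
REPORT_PORT = 48101        # port 48101 from the US-CERT list
INTERNAL = ipaddress.ip_network("10.20.0.0/16")  # assumed internal range


def analyze(flow_text, scan_threshold=3):
    """Return (telnet_scanners, report_port_hosts) from CSV flow records.

    telnet_scanners: source -> sorted Telnet destinations, for sources that
    contacted at least scan_threshold distinct hosts on 23/TCP or 2323/TCP.
    report_port_hosts: internal sources seen sending to port 48101.
    """
    telnet_targets = defaultdict(set)
    report_hosts = set()
    for row in csv.reader(io.StringIO(flow_text)):
        if len(row) != 5:
            continue  # skip blank or malformed records
        _ts, src, dst, proto, dport = row
        port = int(dport)
        if port in TELNET_PORTS and proto.lower() == "tcp":
            telnet_targets[src].add(dst)
        elif port == REPORT_PORT and ipaddress.ip_address(src) in INTERNAL:
            report_hosts.add(src)  # internal device worth inspecting
    scanners = {s: sorted(d) for s, d in telnet_targets.items()
                if len(d) >= scan_threshold}
    return scanners, sorted(report_hosts)


if __name__ == "__main__":
    print(analyze(SAMPLE_FLOWS))
```

An internal host that appears in the port 48101 result and also originates Telnet connections is a candidate for the remediation actions described earlier.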

Overall, security awareness needs to be practiced and promoted. IT systems, medical devices, and HVAC systems with network capabilities all need to be fully understood by covered entities and business associates. Any device that has an open Wi-Fi connection, transmits data, or has remote operating capabilities could potentially become infected, according to US-CERT.

“Even if you do correctly identify a DoS or DDoS attack, it is unlikely that you will be able to determine the actual target or source of the attack,” US-CERT states on its website. “Contact the appropriate technical professionals for assistance.”
