Fallacy: DDoS Attacks Don’t Affect Healthcare
The rise of DDoS attacks has been on cybersecurity officials’ radars. The FBI issued a notice in 2020 warning organizations about DDoS amplification attacks. It’s a worldwide issue too: An attack on a Paris-based group of hospitals during the pandemic disrupted remote workers.
In one of the most well-known DDoS attacks in the U.S. healthcare industry, a federal jury in 2018 convicted the hacker who had targeted a Boston-based hospital in protest over the handling of a suspected child abuse case. The attack flooded 65,000 IP addresses used by the hospital over two weeks, blocking internet services used to treat patients. It also affected several other area hospitals and disrupted day-to-day activities and research capabilities. The attack cost the hospital more than $300,000 and an additional $300,000 in donations because the hospital’s fundraising website was affected.
Fact: A DDoS Attack Can Give Cover for a Second Attack
Though the main purpose is to disrupt systems, DDoS attacks could also be used to distract IT teams while a security breach takes place. Healthcare providers accounted for 79 percent of all reported data breaches in the first 10 months of 2020, according to a Fortified Health Security report.
Because of the added pressure on hospitals over the past year, they’re more willing to pay ransoms to restore services and data. This tactic has been profitable, and while DDoS attacks are often arbitrary, those launched against healthcare services are usually targeted.
Fallacy: Protections Against DDoS Attacks Are All the Same
As hospitals implement digital strategies and transform the patient care experience, cybersecurity remains a major issue. DDoS attacks are still adapting and becoming more sophisticated.
Protections that worked in the past may no longer be effective. Just placing a firewall with DDoS protection at the network perimeter may not be sufficient. For better protection, web application firewalls are commonly deployed to protect published web apps. These firewalls can block or challenge visitors by IP address, use reputation-based threat protection and adapt by collecting data to identify new threats.
Because of the increased likelihood of DDoS attacks in the years to come, it’s important for healthcare providers to have an adequate incident response plan in place. Prevention is always better than a cure, but in the event of a successful DDoS attack or compromise of critical IT systems, healthcare organizations should have a plan to restore data quickly and temporarily move to manual processes.
Fact: IoT Devices in Healthcare Can Be Vulnerable
Breached Internet of Things devices are often the starting point for major security events. Keeping IoT devices up to date is crucial. Any devices that healthcare systems don’t control directly should be on an isolated network.
Anti-virus software and other security agents can’t always be installed on IoT devices the way they can on traditional PCs and servers. If microagents cannot be deployed, providers can use third-party services to perform an inventory of all IoT devices on a network and detect threats using behavioral analytics. Log data from IoT devices should be centralized using a security information and event management solution. SIEM gives security teams insight into operational activity and helps identify anything unusual before it wreaks havoc.
Fallacy: DDoS Attacks Cannot Affect Intranet Servers
Most DDoS attacks originate from the internet and target online services, but attacks can also target perimeter firewalls, which protect intranet servers that provide document management and other critical functions.
Attacks can also be launched from the inside. Botnets consist of devices that are involuntarily recruited by hackers to initiate DDoS attacks. If a provider’s computers are compromised, they can form part of a botnet and be used to attack others. The increased network traffic will affect services on the local network, potentially disrupting performance and taking intranet services offline.
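The behavioral check described for IoT devices and for compromised internal machines can be sketched as follows. This is an added example, not code from the article; the device names, addresses, flow-record layout and the tenfold threshold are assumptions made for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed sample flow records, as a SIEM export might look:
# (minute, source device, destination IP, packets sent)
FLOWS = [
    (0, "infusion-pump-07", "10.20.0.5", 40), (1, "infusion-pump-07", "10.20.0.5", 42),
    (2, "infusion-pump-07", "10.20.0.5", 38), (3, "infusion-pump-07", "10.20.0.5", 41),
    (4, "infusion-pump-07", "10.20.0.5", 39),
    (0, "ip-camera-12", "10.20.0.9", 120), (1, "ip-camera-12", "10.20.0.9", 118),
    (2, "ip-camera-12", "10.20.0.9", 125), (3, "ip-camera-12", "10.20.0.9", 119),
    (3, "ip-camera-12", "203.0.113.50", 9000), (4, "ip-camera-12", "203.0.113.50", 9500),
    (4, "smart-tv-03", "198.51.100.7", 15),  # device never seen during the baseline
]

def find_anomalies(flows, baseline_end, factor=10):
    """Flag minutes where a device sends far more than its own baseline.

    Minutes before baseline_end form each device's baseline; later minutes
    are evaluated. Devices with no baseline are reported as inventory gaps.
    Returns (device, minute, packets, top destination, reason) tuples.
    """
    totals = defaultdict(lambda: defaultdict(int))  # device -> minute -> packets
    by_dst = defaultdict(lambda: defaultdict(int))  # (device, minute) -> dst -> packets
    for minute, dev, dst, pkts in flows:
        totals[dev][minute] += pkts
        by_dst[(dev, minute)][dst] += pkts

    alerts = []
    for dev, minutes in totals.items():
        history = [p for m, p in minutes.items() if m < baseline_end]
        base = median(history) if history else None
        for m in sorted(minutes):
            if m < baseline_end:
                continue
            dsts = by_dst[(dev, m)]
            top_dst = max(dsts, key=dsts.get)  # where most of the traffic went
            if base is None:
                alerts.append((dev, m, minutes[m], top_dst, "no-baseline"))
            elif minutes[m] > factor * base:
                alerts.append((dev, m, minutes[m], top_dst, "volume-spike"))
    return alerts

if __name__ == "__main__":
    for alert in find_anomalies(FLOWS, baseline_end=3):
        print(alert)
```

Using the median of each device's own history keeps one noisy minute from inflating the baseline, and the top destination tells responders which flow to block or investigate first.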
Prepare to defend against DDoS attacks and have an incident response plan in place, as even the most thorough defenses could be breached as attacks become more sophisticated and even more frequent.