Sep 16 2021
Security

5 Things to Know About DDoS Attacks in Healthcare

Healthcare systems are still vulnerable to distributed denial of service attacks, even if they may not be top of mind. Separate reality from misconceptions on DDoS tactics.

Distributed denial of service attacks are commonly used to target financial institutions, government infrastructure and cloud service providers. In 2020, however, DDoS attacks took on greater significance for healthcare providers as more hospitals than ever were targeted.

Cybercriminals use denial of service attacks to overwhelm networks and applications and take them offline. Distributed denial of service attacks go a step further by enlisting the help of botnets, which consist of many servers.

During the COVID-19 pandemic, cybercriminals increasingly preyed on the healthcare sector as organizations shifted to remote work and used online services for virus testing and vaccinations, according to a Netscout report on last year’s threat landscape. Online infrastructure company Cloudflare reported that malicious access requests and junk data sent to healthcare systems doubled in 2020.

Cybercriminals launch DDoS attacks for a variety of reasons, including extortion and distracting security teams while the attackers carry out more nefarious activities, such as extracting data or infecting systems with ransomware. DDoS attacks can be damaging, preventing patients from scheduling appointments online and doctors from sending or receiving important information. A worst-case scenario could also compromise systems and lead to a loss of patient data. To protect themselves, healthcare organizations should be able to separate truth from fiction about DDoS.

Fallacy: DDoS Attacks Don’t Affect Healthcare

The rise of DDoS attacks has been on cybersecurity officials’ radars. The FBI issued a notice in 2020 warning organizations about DDoS amplification attacks. It’s a worldwide issue too: An attack on a Paris-based group of hospitals during the pandemic disrupted remote workers.

In one of the most well-known DDoS attacks in the U.S. healthcare industry, a federal jury in 2018 convicted the hacker who had targeted a Boston-based hospital in protest over the handling of a suspected child abuse case. The attack flooded 65,000 IP addresses used by the hospital over two weeks, blocking internet services used to treat patients. It also affected several other area hospitals and disrupted day-to-day activities and research capabilities. The attack cost the hospital more than $300,000, plus an additional $300,000 in donations because the hospital’s fundraising website was affected.

Fact: A DDoS Attack Can Give Cover for a Second Attack

Though the main purpose is to disrupt systems, DDoS attacks could also be used to distract IT teams while a security breach takes place. Healthcare providers accounted for 79 percent of all reported data breaches in the first 10 months of 2020, according to a Fortified Health Security report.

Because of the added pressure on hospitals over the past year, they’re more willing to pay ransoms to restore services and data. This tactic has been profitable, and while DDoS attacks are often arbitrary, those launched against healthcare services are usually targeted.

Fallacy: Protections Against DDoS Attacks Are All the Same

As hospitals implement digital strategies and transform the patient care experience, cybersecurity remains a major issue. DDoS attacks are still adapting and becoming more sophisticated.

Protections that worked in the past may no longer be effective. Just placing a firewall with DDoS protection at the network perimeter may not be sufficient. For better protection, web application firewalls are commonly deployed to protect published web apps. These firewalls can block or challenge visitors by IP address, use reputation-based threat protection and adapt by collecting data to identify new threats.

Because of the increased likelihood of DDoS attacks in the years to come, it’s important for healthcare providers to have an adequate incident response plan in place. Prevention is always better than a cure, but in the event of a successful DDoS attack or compromise of critical IT systems, healthcare organizations should have a plan to restore data quickly and temporarily move to manual processes.

Fact: IoT Devices in Healthcare Can Be Vulnerable

Breached Internet of Things devices are often the starting point for major security events. Keeping IoT devices up to date is crucial. Any devices that healthcare systems don’t control directly should be on an isolated network.

Unlike traditional PCs and servers, anti-virus software and other security agents can’t always be installed on IoT devices. If microagents cannot be deployed, providers can use third-party services to perform an inventory of all IoT devices on a network and detect threats using behavioral analytics. Log data from IoT devices should be centralized using a security information and event management solution. SIEM gives security teams insight into operational activity and helps identify anything unusual before it wreaks havoc.

Fallacy: DDoS Attacks Cannot Affect Intranet Servers

Most DDoS attacks originate from the internet and target online services, but attacks can also target perimeter firewalls, which protect intranet servers that provide document management and other critical functions.

Attacks can also be launched from the inside. Botnets consist of devices that are involuntarily recruited by hackers to initiate DDoS attacks. If a provider’s computers are compromised, they can form part of a botnet and be used to attack others. The increased network traffic will affect services on the local network, potentially disrupting performance and taking intranet services offline.
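The behavioral check described in the IoT section and the inside-out scenario above can be combined in one detection rule over centralized flow logs. The sketch below is an added example, not from the original article or any vendor product; the address ranges, thresholds and flow records are constructed assumptions.

```python
import ipaddress
from collections import defaultdict
from statistics import median

INTERNAL = ipaddress.ip_network("10.0.0.0/8")       # assumed hospital address space
IOT_SEGMENT = ipaddress.ip_network("10.20.0.0/24")  # assumed isolated IoT network
SPIKE_FACTOR = 10    # assumed: alert at 10x the host's own median outbound rate
MIN_PACKETS = 5000   # assumed floor so quiet hosts do not alert on noise

# Constructed flow records: (minute, source, destination, packets)
FLOWS = [
    (0, "10.10.0.5", "203.0.113.10", 120),
    (1, "10.10.0.5", "203.0.113.10", 140),
    (2, "10.10.0.5", "203.0.113.10", 110),
    (3, "10.10.0.5", "198.51.100.7", 90000),  # sudden outbound burst
    (0, "10.10.0.8", "203.0.113.10", 300),
    (1, "10.10.0.8", "203.0.113.10", 280),
    (2, "10.10.0.8", "10.10.0.2", 50000),     # large but internal (backup)
    (3, "10.10.0.8", "203.0.113.10", 310),
    (2, "10.20.0.14", "198.51.100.7", 40),    # IoT device reaching the internet
]

def is_internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL

def find_alerts(flows):
    """Return sorted (source, minute, reason) tuples for suspicious egress."""
    per_host = defaultdict(lambda: defaultdict(int))  # src -> minute -> packets
    alerts = set()
    for minute, src, dst, packets in flows:
        if not is_internal(src) or is_internal(dst):
            continue  # only internal-to-external traffic is relevant here
        per_host[src][minute] += packets
        if ipaddress.ip_address(src) in IOT_SEGMENT:
            # An isolated segment should have no direct internet egress at all.
            alerts.add((src, minute, "iot-egress"))
    for src, minutes in per_host.items():
        # Simplification: baseline is the host's median over the sample itself;
        # a production rule would use a trailing window from a known-good period.
        baseline = median(minutes.values())
        for minute, packets in minutes.items():
            if packets >= MIN_PACKETS and packets > SPIKE_FACTOR * baseline:
                alerts.add((src, minute, "outbound-spike"))
    return sorted(alerts)

if __name__ == "__main__":
    for alert in find_alerts(FLOWS):
        print(alert)
```

Comparing each host against its own history keeps a busy server and a quiet workstation from sharing one threshold, and the internal backup transfer is ignored because only egress counts toward the rule.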

Prepare to defend against DDoS attacks and have an incident response plan in place, as even the most thorough defenses could be breached as attacks become more sophisticated and even more frequent.

Michael Austin/Theispot