DDoS Attacks: In the Healthcare Sector

Distributed denial of service (DDoS) attacks are a popular tactic, technique, and procedure (TTP) used by hacktivists and cybercriminals to overwhelm a network to the point of inoperability. This can pose a serious problem for healthcare providers who need access to the network to provide proper patient care or need access to the Internet to send and receive emails, prescriptions, records, and information. While some DDoS attacks are opportunistic or even accidental, many target victims for a social, political, ideological or financial cause related to a situation that angers the cyber threat actors.

Example

This was the case with Boston Children’s Hospital in 2014. Anonymous (a well-known hacktivist group) targeted the Boston’s Children’s Hospital with a DDoS attack after the hospital recommended one of their patients, a 14-year-old girl, be admitted as a ward of the state and that custody be withdrawn from her parents. The doctors believed the child’s ailment was actually a psychological disorder and that her parents were pushing for unnecessary treatments for a disorder the child did not have. The custody debate put Boston Children’s Hospital in the middle of this controversial case, and some, including members of Anonymous, viewed this as an infringement on the girl’s rights. Anonymous took action by conducting DDoS attacks against the hospital’s network, which resulted in others on that network, including Harvard University and all its hospitals, to lose Internet access as well. The networks experienced outages for almost a week, and some medical patients and medical personnel could not use their online accounts to check appointments, test results, and other case information, according to the Boston Globe. As a result, the hospital spent more than $300,000 responding to and mitigating the damage from this attack, according to the attacker’s arrest affidavit.

Recommendations

DDoS attacks occur in a variety of ways, and understanding which type of attack is occurring is an important part of being able to properly mitigate the attack. In the MS-ISAC Guide to DDoS Attacks you will find an explanation of the different types of attacks (including the multiple types of standard and reflection DDoS attacks), followed by specific recommendations unique to each type of attack. General recommendations for defense against DDoS attacks include maintaining an effective partnership with your upstream network service provider as well as partnering with companies that provide DDoS mitigation services.

Want to defend your healthcare organization against additional advanced cyber threats? Check out this webinar recording.