Threat of denial-of-service cyberattacks growing in health care

Physicians and health care providers need to be aware of denial-of-service attacks that can freeze responses of their computer networks.

Denial of service (DoS) and distributed denial of service (DDoS) attacks flood a server or network with requests that cause them to crash or significantly reduce performance. That can interrupt business continuity by blocking patients or health care personnel from accessing electronic health records, software-based medical equipment, or websites to coordinate care, said the Analyst Note published Feb. 13 by Health Sector Cybersecurity Coordination Center (HC3) of the U.S. Department of Health and Human Services.

What’s worse, the attacks may serve as distractions to cover other computer attacks, such as stealing confidential data, according to HC3. The agency predicted the problem will spread.

“Threat actors utilize DDoS attacks due to the cost effectiveness, and relatively low resources and technical skills needed to deploy this type of attack as a hacker doesn’t have to install any code on a victim’s server,” the HC3 Analyst Note said. “Moreover, DDoS attacks are getting more sophisticated and complex while getting easier and cheaper to perpetrate as cyber criminals take advantage of the sheer number of insecure internet-connected devices."

Scope of attacks

This year HC3 issued an Analyst Note describing the pro-Russian “hacktivist” group KillNet, which is targeted the U.S. health and public health sector. Operating since January last year, KillNet is known for DDoS campaigns against entities in countries supporting Ukraine against Russia’s invasion there.

“While KillNet’s DDoS attacks usually do not cause major damage, they can cause service outages lasting several hours or even days,” according to HC3.

The DoS/DDoS problem spiked over the weekend of Feb. 11, according to computer network company Cloudflare, which declared: “This was a weekend of record-breaking DDoS attacks.” The company said attacks peaked at 50 million to 70 million requests per second, with the largest topping 71 million requests per second, originating from more than 30,000 Internet protocol addresses. Those attacks were not related ot KillNet or the Super Bowl, according to Cloudflare.

What to do

HC3, the U.S. Cybersecurity & Infrastructure Security Agency (CISA), and the U.S. National Institute of Standards and Technology all have recommendations for avoiding, detecting, and recovering from DoS/DDoS attacks.

• Enroll in a DoS protection service that detects abnormal traffic flows and redirects traffic away from your network.
• Create a disaster recovery plan to ensure successful and efficient communication, mitigation, and recovery in the event of an attack.
• Install and maintain antivirus software.
• Install a firewall and configure it to restrict traffic coming into and leaving your computer.
• Evaluate security settings and follow good security practices in order to minimalize the access other people have to your information.

The best way to detect and identify a DoS attack is by network traffic monitoring and analysis. DoS/DDoS attacks may resemble nonmalicious availability issues, such as network problems or maintenance. Anyone who thinks they are experiencing an attack should contact network administrators and Internet service providers to confirm the attacks and develop a recovery plan.