In today’s healthcare landscape, the seamless operation of digital applications and services is mission-critical, with patient care increasingly dependent on technology and data accessibility. Any disruption to these data and systems can carry severe repercussions, endangering patient safety, compromising the integrity of sensitive data, and tarnishing healthcare’s reputation. This is why the surge in cyber threats has become such a critical concern.
The fact that healthcare is a prime target for cyber threats is not new. Traditionally, healthcare providers have been the center of financially motivated ransomware attacks. Ransomware is a type of malware that denies its victims access to data and computer systems, usually encrypting it until a ransom is paid to attackers.
What is new, however, is that healthcare now attracts different types of bad actors with techniques and tactics of their own. Motivated by religion and politics, nation-state actors and hacktivist groups are building a reputation for launching global distributed denial-of-service (DDoS) campaigns to create a direct threat to public health and safety. A DDoS attack is designed to overwhelm the devices, services, and network of its intended target with fake internet traffic, rendering them inaccessible to legitimate users. For healthcare, this means vital digital services are down.
DDoS warning signs
Earlier this year, pro-Russian hacktivist group, Killnet and its affiliates coordinated a series of DDoS attacks against medical centers and healthcare facilities across the United States and Europe. According to the U.S. Health Sector Cybersecurity Coordination Center, more than 90 orchestrated DDoS attacks took aim at healthcare organizations across the U.S., including Level 1 trauma centers, in late January 2023 alone.
To keep healthcare organizations guessing, even DDoS attacks are evolving in sophistication. Recently, a European hospital network was targeted by an international hacktivist group and hit by a new type of aggressive, layer 7, HTTPS Flood attack, also known as a Web DDoS Tsunami attack.
The hospital network experienced nearly a dozen major attack waves during a period of six weeks. The attacks consisted of short bursts under 10 minutes long with 30-50 thousand requests per second (RPS) each. Each attack wave pattern varied, requiring protection systems with a high degree of automation to dynamically adapt the signature to the attack pattern. Because the attacks masqueraded as legitimate web requests, they were also difficult to detect. What many healthcare organizations don’t realize is that traditional protections based on pre-existing signatures or rate-based detections are not designed to defend against this emerging type of attack without blocking legitimate traffic.
Understanding organizational risks
Regardless of the attacker, their motivations or tactics, the end result looks the same for healthcare. The availability of mission-critical systems is threatened; patient care is disrupted; and sensitive data is exposed. Key areas of organizational risk include:
- Operational risks: Healthcare institutions lean heavily on electronic health record systems, patient portals, and communication platforms for fundamental tasks like patient care, appointment scheduling, and electronic medical record access. Any disruption to this digital framework jeopardizes patient well-being. DDoS attacks obstructing access to patient records or medical devices can stall vital treatments, risking lives.
- Security risks: Interestingly, some threat actors have used DDoS attacks to serve as a smokescreen to divert attention while hackers attempt to breach the institution’s security and access sensitive patient data. These attacks invariably lead to data breaches that expose private patient information, resulting in legal and regulatory consequences, financial penalties, and damage to the institution’s reputation.
- Financial risks:The costs associated with DDoS attack mitigation, service restoration, and the implementation of additional security measures can be substantial. Furthermore, revenue loss stemming from service disruptions and potential patient attrition can further diminish an institution’s financial health.
- Compliance and legal risks: Healthcare institutions operate under the stringent governance of regulations such as the Health Insurance Portability and Accountability Act (HIPAA) and the General Data Protection Regulation (GDPR). A DDoS attack resulting in data breaches can lead to compliance breaches and bring forth severe penalties, including fines and legal actions.
A prescription for DDoS protection
As malicious actors get smarter and more adept, healthcare providers face an urgent imperative: to rethink their cybersecurity strategies and systems. To uplevel defenses against the emerging generation of DDoS attacks that are currently targeting healthcare, here are some important factors to consider:
- Utilize DDoS protection with behavioral-based detection: In an environment where network-layer and encrypted application-layer DDoS attacks are growing in frequency, complexity and severity, traditional defenses that rely on brute force mitigation mechanisms, such as volumetric detection, rate limiting and geo-blocking fall short. Instead, automated solutions that adapt in real-time and surgically block attacks without blocking incoming traffic should be a critical part of a defense strategy. This approach enables healthcare providers to more accurately distinguish between malicious and legitimate users and deliver better protection with lower false positives.
- Leverage cloud-based DDoS protection: Look for a cloud-based DDoS protection solution that routes network and application traffic through a security provider’s scrubbing centers or points of presence. This approach ensures that incoming connections undergo thorough inspection to prevent malicious requests from reaching vital networks and applications and that critical patient care systems stay up and running.
- Explore the advantages of a hybrid solution: Healthcare providers manage protected health information (PHI), which is subject to a variety of compliance requirements. The security of this data is paramount, which is why many organizations are hesitant to share the SSL/TLS encryption keys used to protect it with third-party vendors. To mitigate encrypted DDoS attacks while retaining control of the encryption keys, on-premise DDoS mitigation appliances can be deployed within the organization’s network. Combining cloud services with on-premise appliances can be an optimal solution for larger organizations with specific needs.
- Consider a managed security service for the heavy lifting: Given the often limited size of internal security and IT teams within healthcare organizations, many lack the expertise to handle massive DDoS attacks, particularly those targeting complex application-layer vectors. Enlisting a managed security service as part of a DDoS protection strategy can help healthcare organizations augment their resources during times of attack.
In a landscape where cyberattacks show no sign of abating, “good enough security” is no longer sufficient for safeguarding healthcare’s frontline. To shield the mission-critical infrastructure of today’s healthcare industry and guarantee uninterrupted patient care, DDoS protection must be comprehensive, automated, and tailored to confront next-generation cyber threats, regardless of their scale or complexity.
Neal Quinn
Neal Quinn is Head of Cloud Security Services for North America at Radware.