As healthcare organizations update their technologies and pursue digital transformation, they heighten their network vulnerability by increasing their threat surfaces.
Healthcare organizations can make tempting targets for the owners of large IoT-based botnets, which are capable of launching large and complex DDoS attacks. Often the attackers' goals go beyond simply taking down networks to include theft of personal data, ransomware and access to wider systems.
According to research published by Arbor Networks, ransomware used in conjunction with DDoS has risen to almost triple 2016 numbers with 14% of breached organizations experiencing a combined attack.
2016 was a record year for U.S. healthcare breaches, impacting, among others, hospitals, dental clinics and senior care facilities. The top 10 data breaches resulted in the theft of over 13 million records. Consequently, the Dark Web was flooded with “fullz” (full packages of personally identifiable information) in addition to patient insurance information.
According to a Neustar report issued midway through 2017, DDoS attacks on the healthcare industry only kept growing with an increase in attacks of 13% across the last 12 months. 21% of those affected said they had experienced a loss in customer confidence following the attacks.
Last May, the U.K.’s National Health Service (NHS) was hit hard by a massive ransomware attack, which shut down 16 hospitals across the country. The attack froze systems and encrypted files, and the attackers demanded Bitcoin in exchange for restoring access to the encrypted files. The takedown led to a slew of cancelled appointments and widespread disarray as many hospitals were unable to access essential medical records. The U.K. named WannaCry as the culprit. The same attack infected over 45,000 computers across 74 countries.
DDoS is often at the forefront of such campaigns because of the sophistication that large botnets make possible. It is used as a combination of attack vectors launched simultaneously, forming the front end of a campaign ultimately aimed at installing ransomware or stealthy malware that is able to steal network data.
DDoS attacks on the healthcare industry can literally be a matter of life and death. Until recently, many healthcare organizations did not put disruptive DDoS attacks high on their list of threats to mitigate, as such attacks largely occurred in other sectors, such as banking and gaming. Increasingly, however, healthcare organizations are reassessing their disaster recovery planning, widening their focus to include taking inventory of any internal system that relies on Internet connectivity, which can be interrupted during a DDoS attack.