by Neal Quinn, Head of Cloud Security Services, North America at Radware
In today’s healthcare landscape, the seamless operation of digital applications and services is mission-critical, with patient care increasingly dependent on technology and data accessibility. Any disruption to these data and systems can carry severe repercussions, endangering patient safety, compromising the integrity of sensitive data, and tarnishing healthcare’s reputation. This is why the surge in cyber threats has become such a critical concern.
The fact that healthcare is a prime target for cyber threats is not new. Traditionally, healthcare providers have been the center of financially motivated ransomware attacks. Ransomware is a type of malware that denies its victims access to data and computer systems, usually by encrypting them until a ransom is paid to the attackers.
What is newer, however, is that healthcare now attracts different types of bad actors with techniques and tactics of their own. Motivated by religion and politics, nation-state actors and hacktivist groups are building a reputation for launching global distributed denial-of-service (DDoS) campaigns to create a direct threat to public health and safety. A DDoS attack is designed to overwhelm the devices, services, and network of its intended target with fake internet traffic, rendering them inaccessible to legitimate users. For healthcare, this means vital digital services are down.
DDoS warning signs
Earlier this year, the pro-Russian hacktivist group Killnet and its affiliates coordinated a series of DDoS attacks against medical centers and healthcare facilities across the United States and Europe. According to the U.S. Health Sector Cybersecurity Coordination Center, more than 90 orchestrated DDoS attacks took aim at healthcare organizations across the U.S., including Level 1 trauma centers, in late January 2023 alone.
To keep healthcare organizations guessing, even DDoS attacks are evolving in sophistication. For example, a large hospital network was targeted by an international hacktivist group and hit by a new type of aggressive Layer 7 HTTPS Flood attack, also known as a Web DDoS Tsunami attack.
The hospital network experienced nearly a dozen major attack waves during a period of six weeks. The attacks consisted of short bursts under 10 minutes long with 30-50 thousand requests per second (RPS) each. Each attack wave pattern varied, requiring protection systems with a high degree of automation to dynamically adapt the signature to the attack pattern. Because the attacks masqueraded as legitimate web requests, they were also difficult to detect. What many healthcare organizations don’t realize is that traditional protections based on pre-existing signatures or rate-based detections are not designed to defend against this emerging type of attack without blocking legitimate traffic.
Understanding organizational risks
Regardless of the attacker, their motivations or tactics, the end result looks the same for healthcare. The availability of mission-critical systems is threatened; patient care is disrupted; and sensitive data is exposed. Key areas of organizational risk include:
A prescription for DDoS protection
As malicious actors get smarter and more adept, healthcare providers face an urgent imperative: to rethink their cybersecurity strategies and systems. To uplevel defenses against the emerging generation of DDoS attacks that are currently targeting healthcare, here are some important factors to consider:
In a landscape where cyberattacks show no sign of abating, “good enough security” is no longer sufficient for safeguarding healthcare’s frontline. To shield the mission-critical infrastructure of today’s healthcare industry and guarantee uninterrupted patient care, DDoS protection must be comprehensive, automated, and tailored to confront next-generation cyber threats, regardless of their scale or complexity.