Corero

The U.S. Health & Human Services Cyberattack Advisory & How Your Healthcare Organization Can Respond

Recent warnings of cyber threats against healthcare organizations by the U.S. Health & Human Services Department might leave you wondering what action to take.

We outline what led to this advisory and how you can respond to protect your online systems from these types of attacks.

Why was this advisory issued?

Increased use of online systems in the healthcare sector has made cyberattacks a more pressing issue. DDoS attacks are one of the most common threats, and this recent advisory further illustrates the need for organizations to reevaluate their level of security.

The advisory cites various cybercriminal groups and the tools they typically use to exploit public-facing healthcare applications. Data theft, ransomware and Distributed Denial of Service (DDoS) attacks are among the most common types of attack used against healthcare organizations.

“The COVID-19 pandemic catalyzed a shift in targets from individuals to health and government infrastructure. DDoS attacks are extremely effective because they flood the victim’s network with traffic, rendering network resources, such as web applications, unusable. DDoS attacks also may serve as a foothold for threat actors to deploy more sinister malware while distracting victims.” - US Health and Human Services Office of Information Security (HHS)

Although threats have increased in recent years, DDoS attacks aren’t new. In 2014, Boston Children’s Hospital suffered a DDoS attack that disrupted the hospital’s network, patient care and public-facing website for two weeks.

What does this mean for healthcare organizations?

If attackers launch a volumetric attack against a mission-critical web application that healthcare workers rely on to deliver patient care, the attack would be noticeable and potentially could threaten the lives of patients. More often, however, DDoS attacks are short in duration and sub-saturating; just enough to interrupt online availability/service, enabling threat actors to carry out other nefarious activities, such as opening the door to data theft.

The HHS advisory offers tips for healthcare organizations to prevent or mitigate cyberattacks, including automated vulnerability scanning, penetration testing and secure development methods.

Unfortunately, the HHS only recommends web application firewalls (WAFs) to monitor, filter and block malicious traffic. However, security experts agree that firewalls are insufficient protection against the damaging DDoS attacks that have become increasingly common.

Why don’t firewalls provide enough protection?

Firewalls of any type, even next-generation ones that claim to have protection built in, cannot effectively deal with DDoS attacks. They are stateful by design, tracking every connection they handle, and cannot handle high-volume state-exhaustion attacks.

At best, a firewall may overload, or freeze up and shut off all inbound traffic — including good customer traffic along with the bad attack traffic. At worst, a firewall could go into bypass mode and allow all traffic, good and bad, to flow. This puts the rest of the IT infrastructure, as well as data, at risk.
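A toy model of the state table behind the two failure modes described above, added here as an illustration and not taken from the HHS advisory or from any vendor's code. The table size, idle timeout, traffic rates and the names StatefulFirewall and simulate are assumptions chosen for the example.

```python
from collections import OrderedDict

# Constructed traffic and assumed table size/timeout; not measurements of any product.
class StatefulFirewall:
    """Toy connection tracker: one table entry per new flow until idle timeout."""

    def __init__(self, capacity, idle_timeout, overload_mode):
        self.capacity = capacity
        self.idle_timeout = idle_timeout
        self.overload_mode = overload_mode  # "fail_closed" or "fail_open"
        self.table = OrderedDict()          # flow id -> time the entry was created

    def _expire(self, now):
        # Entries are inserted in time order, so the oldest sit at the front.
        while self.table:
            flow, created = next(iter(self.table.items()))
            if now - created < self.idle_timeout:
                break
            del self.table[flow]

    def new_flow(self, flow_id, now):
        self._expire(now)
        if len(self.table) < self.capacity:
            self.table[flow_id] = now
            return "tracked"      # normal stateful inspection
        if self.overload_mode == "fail_closed":
            return "dropped"      # table full: new flows refused, good and bad alike
        return "bypassed"         # table full: traffic passes without inspection


def simulate(overload_mode, flood_per_tick, ticks=60, legit_per_tick=5,
             capacity=1000, idle_timeout=30):
    """Return counts of what happened to the legitimate flows only."""
    fw = StatefulFirewall(capacity, idle_timeout, overload_mode)
    outcome = {"tracked": 0, "dropped": 0, "bypassed": 0}
    for t in range(ticks):
        # Constructed flood: flows never complete, so each entry lives until timeout.
        for i in range(flood_per_tick):
            fw.new_flow(("flood", t, i), t)
        for i in range(legit_per_tick):
            outcome[fw.new_flow(("legit", t, i), t)] += 1
    return outcome


if __name__ == "__main__":
    for mode in ("fail_closed", "fail_open"):
        for rate in (10, 200):
            print(mode, rate, simulate(mode, rate))
```

With these assumed values, 10 junk flows per tick never fill the table, while 200 per tick leave only 40 of 300 legitimate flows inspected; the rest are either refused or passed through unchecked, depending on the overload mode.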

In contrast, real-time DDoS protection stops attacks before they can impact your network infrastructure, including other security devices, such as firewalls and Intrusion Prevention Systems. Healthcare organizations can implement an on-premises DDoS mitigation solution or, depending on the organization’s IT environment, it may make sense to get DDoS protection as a service from their Internet Service Provider.

Most security software is designed as a one-size-fits-all solution and may not have the capabilities to meet the high-level security needs of healthcare organizations. By taking inventory of your security coverage and having the right tools to protect against all types of attacks, you’ll consistently keep your critical care online.

To understand how to stop DDoS attacks before they impact your network infrastructure, speak with one of our experts.