What Healthcare Organizations Should Know About Russian Hacking Gang KillNet

The Health Sector Cybersecurity Coordination Center (HC3) recently issued a report letting healthcare organizations know that they are still being heavily targeted by KillNet, a Russian group of cybercriminals. The number of daily attacks KillNet waged against healthcare organizations using Microsoft Azure increased significantly between November 18 and February 17 — from 10-20 attacks per day in November to 40-60 attacks per day in February.

Last week, the Health Sector Cybersecurity Coordination Center (HC3) issued a report letting healthcare organizations know that they are still being heavily targeted by KillNet, a Russian group of cybercriminals.

The hacker gang operates mainly through distributed denial-of-service (DDoS) attacks, which occur when hackers block legitimate users from accessing information systems, devices and networks. 

KillNet began launching DDoS attacks on the U.S. healthcare sector in December, according to the report. These attacks typically cause service outages that last several hours or days.

The group targets Russia’s geopolitical enemies, specifically NATO countries that support Ukraine. In late January, KillNet claimed responsibility for a string of more than 90 DDoS attacks that took hospital websites offline across the U.S., affecting health systems such as Cedars-Sinai, Michigan Medicine and UPMC. The cyberattacks came just days after President Biden announced that the U.S. will send 31 Abrams tanks to help equip Ukrainian soldiers.

While KillNet’s DDoS attacks cause significant service outages, they usually don’t cause major damage, according to the report. There’s not much of a financial impact; these attacks are more of a big headache that’s difficult for support and IT staff to handle.

Historically, DDoS attacks have been much more prevalent in the gaming, government and financial services sectors than in healthcare, said Patrick Sullivan, chief technology officer of security strategy at cybersecurity company Akamai, in a previous interview with MedCity News.

Even though DDoS attacks typically don’t affect patient information, they can still be disruptive. People flood health systems’ phone lines when the website is unreachable, and hospitals don’t have enough workers to field all those calls.

Hospitals usually focus their cybersecurity defense strategy on protecting their networks and connected devices from ransomware and phishing attacks, but DDoS attacks from groups like KillNet are beginning to emerge as a formidable threat, Sullivan pointed out.

HC3’s report suggested that this threat shouldn’t be ignored, as KillNet’s campaign against the U.S. healthcare sector seems to be going strong. On March 17, Microsoft issued an alert that KillNet had been targeting healthcare applications using Microsoft Azure infrastructure for more than three months.

Microsoft measured the number of daily attacks waged against healthcare organizations in Azure between November 18 and February 17, finding a major increase — from 10-20 attacks per day in November to 40-60 attacks per day in February. 

Microsoft also analyzed which types of healthcare companies were affected by the attacks that took place over this time period. Thirty-one percent of all attacks were waged against life sciences companies, 26% affected hospitals, 16% affected payers, and 16% affected health services companies.

HC3’s report told healthcare organizations “there is no single action” they can take to protect themselves from cybercriminal gangs like KillNet. 

To minimize the threat of DDoS attacks, Microsoft recommended that healthcare organizations enable Azure protection features such as Azure WAF and Azure Front Door. The company also suggested that healthcare organizations simulate DDoS attacks and create a DDoS response plan.
