Russian Hackers Take Down At Least 17 Health System Websites in the U.S.

The group Killnet has claimed responsibility for a string of recent cyberattacks that took more than a dozen hospital websites offline across the U.S.


The Russian hacker group Killnet claimed responsibility for a string of cyberattacks that took more than a dozen hospital websites offline across the U.S. Among the affected websites are those of such big systems as Cedars-Sinai, Michigan Medicine, and UPMC.

Killnet tends to use DDoS (distributed denial-of-service) attacks, in which attackers overwhelm a target with traffic from many sources, blocking legitimate users from accessing information systems, devices, and networks.

The group has been active for at least a year, according to a recent analyst note released by the Department of Health and Human Services (HHS). It has been known to target countries that support and/or send resources to Ukraine, HHS said.

These DDoS attacks can cause service outages that last several hours or days, but they usually don’t cause major damage. The financial impact is also limited; these attacks are mostly a big headache for support and IT staff to handle.

Below is the list of hospitals and health systems whose websites were affected by the attack:

  • Abrazo Arizona Heart Hospital (Phoenix)
  • Anaheim (California) Regional Medical Center
  • AnMed (Anderson, South Carolina)
  • AtlantiCare (Egg Harbor Township, New Jersey)
  • Atrium Health (Charlotte, North Carolina)
  • Buena Vista Regional Medical Center (Storm Lake, Iowa)
  • Cedars-Sinai (Los Angeles)
  • C.S. Mott Children’s Hospital (Ann Arbor, Michigan)
  • Dartmouth Health Cheshire Medical Center (Keene, New Hampshire)
  • Duke University Hospital (Durham, North Carolina)
  • Heart of the Rockies Regional Medical Center (Salida, Colorado)
  • Huntsville (Alabama) Hospital
  • Michigan Medicine (Ann Arbor)
  • Siteman Cancer Center at Barnes Jewish Hospital and Washington University School of Medicine (St. Louis)
  • Stanford (California) Health Care
  • Thomas Jefferson University Hospitals (Philadelphia)
  • UPMC (Pittsburgh)

All of these providers were able to restore their websites within a day of the attack.

Generally speaking, DDoS attacks are much more prevalent in the gaming, government, and financial services sectors than in healthcare. Hospitals have usually focused their cybersecurity defense strategy on protecting their networks and connected devices from ransomware and phishing attacks, but DDoS could start to emerge as a formidable threat, according to Patrick Sullivan, CTO of security strategy at cybersecurity company Akamai.

While DDoS attacks usually don’t affect patient information, they can still be disruptive. Instead of getting the information they need from a website, patients flood health systems’ phone lines, and hospitals don’t have enough workers to field all those calls.

To protect against DDoS attacks, Sullivan recommends that hospitals conduct a tabletop exercise going over how they would respond in the event of an attack.

“That’s a pretty small investment where you can walk through the event, speak to an expert and understand what a typical attack looks like these days in terms of technique, size and scale,” he said. “You can then assess your ability to respond to that, both from the scale perspective, the technology perspective and human perspective.”

As an end user, you don’t have to worry much about DDoS attacks, except if you need to access information from a website that is affected by the attack. You should still use a VPN to protect your own Internet whereabouts because, as you can see, it’s a crazy world out there, and it is getting crazier by the day.