Guest Column | November 21, 2016

Protecting Healthcare Institutions From DDoS And Ransomware Attacks

Preventing Healthcare Ransomware

By Susan Biddle, Sr. Director of Healthcare, Fortinet

Healthcare organizations understand network uptime is a critical (if not the most critical) component to organizational success in today’s digital age. Networks allow for EHRs to be accessed, life-critical applications to be run, and research to be conducted.

Cybercriminals also understand all of these things are true, which puts the industry near the top of their lists of targets and why we’ve recently seen an uptick in DDoS and ransomware-related attacks making headlines and putting the industry on high alert.

Let’s take a closer look at some of the ways DDoS and ransomware attacks have been used against the industry and why healthcare organizations are on the lookout.

  1. DDoS Attack On The Internet of Things
    The Internet of Things (IoT) has the technical capabilities to bring patient care and the healthcare industry’s operational efficiency to new heights. However, as the digital landscape grows, so too does the number of vulnerabilities.

In fact, the IoT very recently experienced what is being called one of the largest DDoS attacks that’s ever been conducted. The attack focused on more than 100,000 Internet-connected devices, including webcams and routers, and flooded them with data. As a result, many major websites were brought offline.

The cybercriminals that conducted the attack identified weaknesses in the IoT devices (manufacturer passwords that had not been reset), which has many within the healthcare industry worried that their devices could be next.

What is the potential impact on healthcare? Many of today’s Internet of Medical Things (IoMT) devices are created with convenience and usability top of mind. It’s important for those in the healthcare industry to understand that failing to prioritize security could open the door for attackers to target devices with DDoS attacks that could knock entire organizations offline.

  2. DDoS Attack On A Hospital Website
    The rise of attacks on IoT devices does not spell the end for “classic” DDoS attacks that directly target websites. There have been a number of recent DDoS attacks on healthcare organizations, but one attack from 2014 comes readily to mind due to the severity of its outcome.

One of the largest children’s hospitals in the country was the target of a DDoS attack over a seven-day time span. The hospital’s website was unreachable at the time and, even worse, research and day-to-day operations at the hospital were slowed to a near-halt as hundreds of thousands of dollars were spent to mitigate and respond to the attack.

Downtime in the healthcare industry can be life-threatening. When DDoS attacks knock websites and networks offline, hospitals are unable to access electronic health records, conduct research, control IoMT devices, and more. Healthcare organizations need to ensure they have incident response plans in place should an attack take them offline.

  3. Ransomware Attack On A Hospital Network
    In addition to DDoS attacks on the IoMT and hospital networks, the healthcare industry is also being heavily targeted by ransomware attacks. Rather than flooding a server with web traffic to bring it down, these attacks encrypt website data, and the cybercriminals behind the attacks demand a sum of money to “unlock” the data.

A ransomware attack in the spring of 2016 was conducted on a regional hospital in which the cybercriminals asked for more than $15,000 in bitcoins to gain back control. Weakly protected web app servers were reportedly the attackers’ primary entry points, and from there, malicious code was deployed on the system.

Cybercriminals are aware that hospitals and other healthcare organizations are heavily reliant on internet connectivity and access to EHRs. With this in mind, ransomware attacks will likely continue to be conducted, with cybercriminals hoping organizations will give in to their financial demands.

Considerations For A Healthier Network
For the last decade, organizations have been trying to protect their networks by building defenses across the borders of the network. This includes the Internet edge, perimeter, endpoint, and data center (including the DMZ). This “outside-in” approach has been based on the concept that companies can control clearly defined points of entry and secure their valuable assets. The strategy was to build a border defense as strong as possible and assume nothing got past the firewall.

As organizations grow and embrace the latest IT technology such as mobility and cloud, the traditional network boundaries are becoming increasingly complex to control and secure. There are now many different ways into an enterprise network.

Not long ago, firewall vendors marked the ports on their appliances “External” (Untrusted) and “Internal” (Trusted). However, advanced threats use this to their advantage because, once inside, the network is very flat and open. The inside of the network usually consists of non-security-aware devices such as switches, routers and even bridges. So, once you gain access to the network as a hacker, contractor or even rogue employee, then you get free access to the entire enterprise network including all the valuable assets.

To help mitigate these issues, the security industry has developed a new class of firewall that sits at strategic points of the internal network and has the ability to segment traffic between internal assets. It may sit in front of specific servers that contain valuable intellectual property, a set of user devices, or web applications sitting in the cloud.

Once in place, internal segmentation firewalls provide instant “visibility” to traffic traversing into and out of that specific network asset. Additionally, these firewalls should also provide “protection” because detection is only a part of the solution. As opposed to sifting through logs and alerts that can take weeks or months, next-generation firewalls deliver proactive segmentation and real-time protection based on the latest security updates.

Finally, an internal segmentation firewall should be flexible enough to be placed anywhere within the internal network and integrate with other parts of the enterprise security solution under a single pane of management glass.
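To make the “flat and open inside” versus internal segmentation contrast concrete, here is an added example (not code from the column, Fortinet, or any product) that models a segmentation policy as first-match rules with a default deny and logs every decision for visibility. All segment addresses, ports and flows are constructed for the illustration.

```python
"""Toy model of internal segmentation: a flat 'trusted inside' policy beside a
segmented default-deny policy, evaluated over constructed sample flows."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Rule:
    src: str             # CIDR of the source segment
    dst: str             # CIDR of the destination segment
    dport: Optional[int] # TCP port, None = any port
    action: str          # "allow" or "deny"

# Hypothetical segments (constructed, not from the column).
FLAT_INSIDE = [Rule("10.0.0.0/8", "10.0.0.0/8", None, "allow")]

SEGMENTED = [
    # Clinician workstations may reach the EHR application tier only.
    Rule("10.10.0.0/16", "10.20.0.0/24", 443, "allow"),
    # Only the EHR application tier may talk to the EHR database.
    Rule("10.20.0.0/24", "10.30.0.0/24", 5432, "allow"),
    # IoMT devices report to their own gateway and nothing else.
    Rule("10.40.0.0/16", "10.41.0.10/32", 8883, "allow"),
    # Everything else crossing a segment boundary is dropped and logged.
    Rule("0.0.0.0/0", "0.0.0.0/0", None, "deny"),
]

def evaluate(policy: List[Rule], src: str, dst: str, dport: int, log: list) -> str:
    """First-match evaluation; every decision is recorded for visibility."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in policy:
        if (s in ipaddress.ip_network(r.src) and d in ipaddress.ip_network(r.dst)
                and (r.dport is None or r.dport == dport)):
            log.append(f"{r.action.upper()} {src} -> {dst}:{dport}")
            return r.action
    log.append(f"DENY(default) {src} -> {dst}:{dport}")  # no rule matched
    return "deny"

# Constructed flows: a compromised IoMT camera probing the EHR database,
# and a legitimate clinician session to the EHR web tier.
FLOWS = [("10.40.3.7", "10.30.0.5", 5432), ("10.10.8.21", "10.20.0.9", 443)]

def run(policy: List[Rule]) -> Tuple[List[str], List[str]]:
    log: List[str] = []
    return [evaluate(policy, *f, log) for f in FLOWS], log

if __name__ == "__main__":
    for name, pol in (("flat", FLAT_INSIDE), ("segmented", SEGMENTED)):
        print(name, run(pol))
```

Under the flat policy both flows are allowed, so the camera's probe of the database is invisible; under the segmented policy it is denied and logged while the clinician session still succeeds.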

Staying Ahead Of The Threat
As we see from today’s reported breaches, DDoS and ransomware attacks are becoming some of the most common and dangerous threats healthcare IT teams are faced with. As these threats continue to evolve, organizations will need to invest in DDoS and ransomware protection solutions that are just as dynamic. Today’s advanced internal segmentation firewalls can detect and protect against network invaders before a disaster strikes, enabling healthcare organizations to focus on what they do best: providing cutting-edge care while safeguarding sensitive patient data.

About The Author:

Susan Biddle is the Sr. Director of Healthcare at Fortinet. She is a high technology and healthcare marketing executive with over 15 years’ experience driving new solutions from concept to market, managing diverse cross-functional teams and developing highly-effective marketing programs. Biddle is a results-oriented professional with expertise in strategic planning, market segmentation and research methodologies. She has a strong background in product & solutions marketing, demand generation and key IT infrastructure solution areas for the health and life sciences industry, such as translational research, digital health and connected care.