Few have had to adapt to the "next normal" as quickly as healthcare IT leaders. But the blossoming threat of distributed denial-of-service (DDoS) attacks and a healthcare data breach is promising even more disruption.
Overall, cyber security professionals have seen a spike in DDoS over the last several years—a fact that's largely been correlated with the explosion of the Internet of Things (IoT) and cloud computing. Contrary to some common belief, healthcare hasn't been immune. As rates of attacks have increased across the board, the risk—and stakes—of DDoS in healthcare have grown, too.
Those responsible for addressing a healthcare data breach should be ready to rethink their organizations as increasingly valuable targets, reassess the threat of DDoS attacks and update their best practices in combating this emerging healthcare cyber security risk.
The reward for DDoS perpetrators
As an industry, healthcare has enjoyed relative immunity from DDoS attacks—a cyber security threat often rooted in activism and competition, with malicious actors largely focused on what they believe are more deserving targets than health care workers.
But it still happens. In 2018, a hacktivist was convicted for launching a massive DDoS attack on Boston Children's Hospital that disrupted their network for at least two weeks. His motivation? Retaliation for the hospital's involvement in a contentious child custody case.
In another example, a Wisconsin pharmacist who intentionally destroyed 500 vials of the Moderna COVID-19 vaccine because he believed it was unsafe. With hospitals and other providers serving as primary distribution points, healthcare's safety from hacktivism and other sources of DDoS attacks is likely in jeopardy, as seen in an article by healthitsecurity.com.
The risk for healthcare providers and patients
When they choose to strike, most hackers don't prioritize patient health, with many being willing to shut down an entire network regardless of the consequences for vulnerable individuals.
In the past, to help organizations better understand what's at risk in a healthcare context, the Office for Civil Rights (OCR) has reached out through its newsletter, warning that "[a]n attacker may be able to deter patients or healthcare personnel from accessing critical healthcare assets such as payroll systems, electronic health record databases, and software-based medical equipment (MRIs, EKGs, infusion pumps, etc.)"
It's worth asking what these threats look like today during a pandemic and where an attack could cut already-stressed providers off from doing their jobs. DDoS attacks are designed to completely hamstring organizations. In healthcare, the cost of data healthcare breach means disrupting care, stopping the flow of revenue, interrupting regulatory compliance and leaving vulnerable patient records exposed.