HC3’s New DDoS Guide and NIST’s New Cybersecurity Guide

The Health Sector Cybersecurity Coordination Center (HC3) at the Department of Health and Human Services has published a DDoS manual for the healthcare industry that contains details on the danger and suggested mitigations to control the intensity and effect of DDoS attacks.

Distributed Denial-of-Service (DDoS) attacks are resource-exhaustion attacks: they consume the capacity of a service, server, or system so that legitimate users cannot reach it. They are usually launched from botnets of compromised computers and IoT devices, which direct a flood of traffic at a target IP address to overwhelm the service, server, or network. Regular visitors are denied service because of the logjam created by the volume of malicious traffic. Disruption normally lasts a couple of hours, although some attacks continue for several days.

These attacks generally cause only short-term disruption to services; data theft and damage to hardware are usually not involved. However, a DDoS attack may be used as a diversion to distract security teams. While the security team is dealing with the DDoS attack, the threat actor attempts other activity at the same time, for instance port scanning, a phishing attack, malware delivery, or data theft.

DDoS attacks may also be combined with extortion, in which the attacker issues a ransom demand and expects payment to end the attack. HC3 states that these ransom DDoS attacks are becoming more common, with a 24% quarter-over-quarter increase and a 67% year-over-year increase. They are usually directed at web applications such as patient portals, webmail, patient tracking applications, and telehealth solutions.

A pro-Russian hacktivist group known as Killnet is currently targeting the healthcare and public health (HPH) sector, launching DDoS attacks in nations that support Ukraine; hospitals and medical organizations are the usual targets. Although the group has threatened to steal and publicly expose sensitive patient information, these statements may simply be attention-seeking. The DDoS attacks the group has conducted in recent weeks appear unconnected to any other malicious activity beyond causing a denial of service on websites and web applications.

Although targeted DDoS attacks are hard to stop, steps can be taken to limit their severity and impact. Since attacks usually focus on websites and web applications, these assets should have appropriate security controls in place. HC3 gives the following suggestions:

  • Sanitize
  • Increase resource availability
  • Implement cross-site scripting (XSS) and cross-site request forgery (XSRF) protections
  • Enforce a Content Security Policy (CSP)
  • Review third-party code
  • Run static and dynamic security scanning of website code and systems
  • Deploy web application firewalls
  • Use content delivery systems to keep malicious web traffic at bay
  • Provide load balancing and resilience against large volumes of traffic

Because threat actors commonly abuse SYN (synchronize) packets, the User Datagram Protocol (UDP), and the Transmission Control Protocol (TCP) to amplify DDoS attacks, network defenders should also pay attention to these protocols.
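To make the web-application flood described above concrete from the defender's side, here is an added example (not from the HC3 guide) that runs a sliding-window request counter over constructed web-server log lines and flags any source whose request rate exceeds a threshold. The log format, IP addresses, window size and threshold are assumptions for the demonstration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def parse_line(line):
    """Parse one constructed log line: '<ip> <iso-timestamp> <method> <path> <status>'."""
    ip, ts, method, path, status = line.split()
    return ip, datetime.fromisoformat(ts), method, path, int(status)

def detect_floods(lines, window_seconds=10, threshold=20):
    """Return {ip: peak_requests_in_window} for every source whose request
    count exceeded `threshold` inside any sliding window of `window_seconds`.
    Lines must be in chronological order."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peak = defaultdict(int)
    for line in lines:
        ip, ts, *_ = parse_line(line)
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:   # evict timestamps that left the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n > threshold}

def build_sample_log():
    """Constructed traffic (hypothetical addresses from RFC 5737 ranges):
    two normal clients at ~1 request / 2 s, plus one source sending 60
    requests to the login page within 6 s."""
    t0 = datetime(2023, 2, 1, 10, 0, 0)
    events = []
    for i in range(30):
        events.append((t0 + timedelta(seconds=2 * i), "198.51.100.4"))
        events.append((t0 + timedelta(seconds=2 * i + 1), "192.0.2.9"))
    for i in range(60):
        events.append((t0 + timedelta(seconds=20, milliseconds=100 * i), "203.0.113.7"))
    events.sort()
    return [f"{ip} {ts.isoformat()} GET /patient-portal/login 200" for ts, ip in events]

if __name__ == "__main__":
    for ip, n in detect_floods(build_sample_log()).items():
        print(f"flood suspected from {ip}: {n} requests in a 10 s window")
```

In production the same counter would feed a WAF or rate limiter rather than a print statement, and the threshold would be set from observed baseline traffic for each application.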

The advisory also includes suggestions for preventing attacks, assessing and mitigating attacks in progress, and improving security and incident response processes to reduce the damage that future attacks can cause.

HSCC & HHS Launch Guide to Help Healthcare Companies Follow the NIST Cybersecurity Framework

The Health Sector Coordinating Council (HSCC) Cybersecurity Working Group, together with the U.S. Department of Health and Human Services (HHS), has published a new guide to help healthcare companies align their cybersecurity programs with the NIST Framework for Improving Critical Infrastructure Cybersecurity.

The NIST Cybersecurity Framework is a widely adopted framework for identifying and managing cybersecurity risks. NIST released the framework in 2015 and updated it in 2018, and NIST CSF 2.0 is expected to be released later this year. The NIST CSF is built on five core functions: Identify, Detect, Protect, Respond, and Recover.

Each of the five functions has recommended cybersecurity controls to implement. The framework also defines four implementation tiers that rate organizations according to how they apply the framework, which lets them judge whether they are meeting their cybersecurity goals against a standard. Government agencies and private-sector companies use the NIST CSF as a standard framework for managing cybersecurity risk.

Cybercriminal groups and nation-state actors frequently attack the healthcare sector, so healthcare organizations need to defend against increasingly advanced threats. To do so, they must address problems associated with fragmented infrastructure, obsolete systems, large numbers of applications, and the ever-growing number of network-connected medical devices. As a result, many healthcare companies struggle to manage cybersecurity effectively.

HHS Assistant Secretary for Preparedness and Response Dawn O’Connell said that healthcare cyberattacks are the fastest-rising kind of cybercrime. They jeopardize patient care, ruin the reliability of healthcare systems, and endanger the U.S. market. Healthcare companies need to protect their IT systems to avert attacks and develop a safe cyber lifestyle in the healthcare industry.

According to the HSCC, a comprehensive cybersecurity framework such as the NIST CSF provides a common language and structure for discussing risk, and the strategies and tools used to manage it, to a level acceptable both to the company and to other stakeholders such as business partners, clients, and industry and federal regulators. Healthcare companies that base their cybersecurity programs on the NIST CSF can better direct operational, capital, and resource allocations toward the areas that yield the greatest return in safeguarding assets and data and reducing exposure to risk.

Although the NIST CSF was designed to suit companies of various sizes across sectors, a number of healthcare companies have found it hard to adopt. The Cybersecurity Framework Implementation Guide is intended to help healthcare companies use the NIST CSF and explains specific actions they can take to promptly address cyber threats to their IT systems and better defend against the full range of cyber risks. The guide will enable healthcare companies to assess their current cybersecurity practices and risks and identify gaps for remediation.

With double the number of data breaches now and nearly 400 ransomware attacks compared to the last five years, it is very clear that the healthcare sector must up its game, stated Bryan Cline, industry head for the guide and Lead Research Officer for HITRUST. Health sector stakeholders of different sizes and subsectors can minimize their exposure to cyber risk by using this resource and the many others created by the HSCC and its government partners.

The Cybersecurity Framework Implementation Guide was developed jointly by NIST, the HSCC, HHS, and other federal organizations. It supplements an earlier joint publication of the HHS/HSCC 405(d) Program, ‘Health Industry Cybersecurity Practices’, which is likewise in line with the NIST Cybersecurity Framework. With this toolkit, companies of various sizes can carry out cybersecurity best practices, safeguard their patients, and make the industry tougher, stated HSCC Cybersecurity Working Group Chair and Intermountain Healthcare CISO Erik Decker.