Killnet Group Targets U.S. Hospitals with Cyberattacks
EXECUTIVE SUMMARY
A pro-Russia hacktivist group is targeting American hospitals with Distributed Denial of Service (DDoS) attacks. Hospitals should review their cybersecurity defenses.
- The attacks use bots to overwhelm websites, networks, or systems.
- A DDoS attack may be a distraction to allow a ransomware attack.
- Other groups may be inspired to conduct their own attacks on hospitals.
Hospitals and health systems should review their defenses against Distributed Denial of Service (DDoS) attacks in response to threats from the pro-Russia hacktivist group known as Killnet.
The criminal group recently called on its members to target specific healthcare providers in the United States.
More than a dozen hospitals have been hit by Killnet attacks, taking down forward-facing webpages and breaching protected health information (PHI), says Michael G. McLaughlin, JD, attorney with Baker Donelson in Washington, DC.
A DDoS attack uses bots to flood the targeted website, system, or network with thousands or hundreds of thousands of requests per second to overwhelm it, causing the system to crash and be unavailable for hours or days, explains Avery Dial, JD, partner with Kaufman Dolowich Voluck in Fort Lauderdale, FL.
“It’s really hard to prevent a DDoS attack because it takes advantage of natural inputs that you need for your business, something as simple as receiving email or someone typing a search query on your website or filling out some type of forms,” Dial says. “These are these natural interactions that you need the public to have with your website. Hackers use a network of machines they’ve infected with malware to access those services so that instead of getting 100 emails over the course of a day, the business is getting 100,000 emails.”
The Department of Health and Human Services Office of Information Security issued a warning about the Killnet DDoS attacks, noting the group “is known to launch DDoS attacks and operates multiple public channels aimed at recruitment and garnering attention from these attacks.” (1)
Prepare Alternative Methods
If a DDoS attack disables a hospital’s forward-facing webpage, that could affect appointment scheduling, prescriptions, and any other service patients access through the web portal. The hospital should be prepared to conduct those operations another way.
“Make sure you know what that forward-facing website is connected to. Is it connected to a server that you actually rely on for critical functions, like patient management or patient files, patient records — those types of things?” McLaughlin asks. “If a DDoS attack happens, those things go away, so you need to have a mechanism by which you can, No. 1, bring it back up, and No. 2, still provide that service.”
Perhaps an even bigger concern is the potential for a data leak. Even if a DDoS attack is only annoying and frustrating for a short while when a website crashes, that could be a distraction for another type of attack.
“The real concern is that a DDoS attack takes a lot of resources away from a cybersecurity team. What we have seen before is you’ll have a ransomware group conduct a DDoS attack against a target, and while the cybersecurity team is focused on that DDoS attack, then they’ll deploy the ransomware,” McLaughlin explains. “The cybersecurity team is focused on cleaning up the DDoS attack and doesn’t recognize that there’s something else going on. That’s where the real problem arises when you’ve got patient data that are being encrypted or being stolen and threatened to be leaked.”
Smaller Hospitals Vulnerable
Many hospitals are unprepared for these attacks. “I think the vast majority of them will be caught short. The larger healthcare providers and healthcare systems tend to be more well-equipped because they’re going to have a lot of money, a lot of resources put into cybersecurity,” McLaughlin says. “As you start to get down the pecking order to individual clinics, smaller hospitals, and health systems, they’re just not going to have the resources to do the same things that the larger ones are going to do.”
Even if a hospital or health system is not targeted by Killnet, the group’s activity might spur others to attempt a DDoS attack on it, says John Gomez, chief security and engineering officer with CloudWave, a cybersecurity company based in Marlborough, MA.
“The problem now is that — as with anything in the cyberattack space — once somebody sees that this is pretty effective, they decide they can do the same thing, and do it rather cheaply. We’ll see others start popping up,” Gomez explains. “If you’re not a target for Killnet, there’s a very high probability that you are now a target by someone else. Typically, Killnet goes for larger hospitals or research centers where they can make a statement, but unfortunately, we’ve now seen that others are joining in. We don’t really have a way to classify their ideal target.”
REFERENCE
- HHS Office of Information Security. Pro-Russian hacktivist group ‘KillNet’ threat to HPH sector. Jan. 30, 2023.
SOURCES
- Avery Dial, JD, Partner, Kaufman Dolowich Voluck, Fort Lauderdale, FL. Phone: (954) 712-7442.
- John Gomez, Chief Security and Engineering Officer, CloudWave, Marlborough, MA. Phone: (855) 286-7787.
- Michael G. McLaughlin, JD, Baker Donelson, Washington, DC.