DDoS Attack Gives Hospitals Something to Think About


Healthcare is under pressure to move patient information into electronic health records, but a recent, massive distributed denial-of-service (DDoS) attack is causing health-care security experts to recommend that providers have enough hard copy information on hand to deliver care in the event that their internet connections are lost.

The attack on Dyn, a major domain name system host that orchestrates internet traffic from its New Hampshire base, began around 7AM and lasted for two hours, followed by a second and third attack, the last of which was mitigated without customer impact, according to a post on the Dyn site.

The attack involved tens of millions of IP addresses infected by the Mirai botnet—which enables a hacker to target and mobilize Internet of Things devices—and prevented internet users in some regions from accessing some Dyn customer sites, including some of the “marquee brands of the internet,” Dyn shared.

A report on the HCPro website named Twitter, Netflix and Amazon Web Services among the affected sites. Athena Health’s electronic medical record (EMR) services also reportedly went down during the attack for a time.

“If the network goes down because of a DDoS, the EHR may not be accessible, phone systems that rely on the internet may go down and so forth,” Chris Apgar, CISSP, told HCPro. “These lessons have been with us for some time but the industry has been very slow to address even basic information security requirements.”

Hence the warning that health care organizations should be prepared to operate without access to networked systems.  “Ensure clinical personnel have enough information to treat patients regardless of computer downtime,” William M. Miaoulis, CISA, CISM, told HCPro.

The Mirai botnet was the recent subject of an alert from the United States Computer Emergency Readiness Team.

A post on the Forbes website characterized the attack as a game-changer: “This suggests an immense rebalancing in the digital era in which anyone anywhere in the world, all the way down to a skilled teenager in his or her parent’s basement in a rural village somewhere in a remote corner of the world, can take down some of the web’s most visible companies and wreak havoc on the online world. That preliminary assessments suggest that the attack was carried out by private actors rather than a nation state only reinforces this shift in online power.”