Recent DDoS attacks on healthcare organizations highlight the need to secure their IT networks against cybercriminals on the hunt for valuable healthcare data.
On 1 November 2023, an internet outage affected public healthcare clusters in Singapore, including major hospitals and polyclinics, lasting more than seven hours. Fortunately, the disruption did not result in a compromise of data or internal networks. Patient care, clinical services, and access to records and appointment systems were uncompromised.
However, this incident highlights the critical need to secure healthcare networks. Healthcare records are attractive targets for cybercriminals given their potential for identity theft and fraud, along with their high value on the black market.
The outage disrupted service availability, which refers to the ability to access information immediately when using an application or website. In such instances, organizations usually adopt Site Reliability Engineering (SRE) practices and a security-by-design framework to enhance the uptime and availability of their IT infrastructure and services.
Site Reliability Engineering (SRE) is a set of software engineering practices to ensure IT infrastructures operate well, are reliable, and scalable. The SRE philosophy emphasizes building all systems with the assumption that they can potentially fail and focuses on designing them to self-heal and recover swiftly when such failures occur.
Security by design
A core concept of security by design is to identify potential risks that can impact the availability and security of a website or application. Common gaps in security often include inadequate technical controls to defend against threats like bots, DDoS attacks, zero-day vulnerabilities, and API exploits.
It’s important to recognize that these issues are often interrelated, and when they occur together, they can lead to multi-vector attacks which can be more challenging to defend against.
In Imperva’s 2023 Imperva Bad Bot Report, it was revealed that in 2022, nearly half (47.4%) of all internet traffic came from bots in 2022, with over 30% of the internet traffic being bad bots.
With the increasing sophistication of bad bots and automation, bad actors now engage in multi-vector attacks.
In a multi-vector attack, bots typically initiate a DDoS assault to flood the targeted system with a diverse blend of malicious network traffic. If the system successfully defends against the DDoS attack, the bots may then switch to other attack vectors, such as targeting specific software vulnerabilities or exploiting weaknesses in application layers. The objective of these malicious bots is to automate the threat exploitation process, overwhelming security teams and making it difficult for them to respond promptly, thereby increasing the likelihood of a successful attack.
Recommendations for patient safety
To minimize the risk of attacks, healthcare organizations should adopt strong security measures to protect against known vulnerabilities and defend their systems from cyber-attacks and other potential threats.
Here are some recommendations these organizations can consider:
- Conduct tabletop exercises and real-world simulations: Go beyond theoretical assessments and actively test the security controls to mimic real-world scenarios. These exercises are essential to ensure that security controls function as expected and can withstand actual threats and attacks.
- Ensure website availability: When a website’s performance is affected, it can disrupt how patients access critical services. Investing in a strong Web Application Firewall (WAF), coupled with a comprehensive security platform that guards against the latest threats, such as DDoS, Bot, and API attacks, will ensure patients and providers have uninterrupted access to important information and services.
- Develop a service continuity response plan: Healthcare organizations must ensure they have a well-established incident response plan in place, including a crisis communication plan to inform patients and staff of the situation. A robust business continuity plan that includes system and data backups is also essential to avoid losing critical clinical data when a denial of service attack is used as a smokescreen for other cyberattacks.
- Create a unified security platform: In the fast-paced healthcare industry, adopting a single-stack security platform with integrated attack analytics enhances operational efficiency and time management. We recommend a unified platform that offers WAF, DDoS, Bot, and API protection to secure your organization against the latest OWASP threats.
- Leverage technical partners: Collaborate with technology partners to address security gaps that an organization may not be able to handle on its own. These partners can offer both technological solutions and expertise to help the organization benefit from the latest security tools and knowledge.