As internet usage in the UK more than doubled in 2020, due to the implementation of pandemic-driven stay-at-home measures, cybercriminals have taken advantage. In fact, 2020 saw a record-breaking number of Distributed Denial-of-Service (DDoS) attacks with over 10 million total attacks worldwide. These attacks took place in an attempt to significantly hinder the availability and performance of online services, by deliberately overwhelming them with traffic.
This trend continued during the first quarter of 2021, in which there were just under 3 million DDoS attacks globally, representing a 31 percent increase from the same period of time in 2020. When looking at the healthcare industry specifically, NETSCOUT’s ATLAS Security Engineering & Response Team observed that healthcare organisations were struck by 8,400 DDoS attacks in the first quarter of 2021. This figure represents a 53 percent increase year over year.
With countries around the world focusing resources on COVID-19 vaccine developments and rollouts – as well as continuing to fight the virus on the frontline – the healthcare industry has become a prime target for malicious threat actors launching DDoS attacks.
What makes the healthcare industry an enticing target for cybercriminals?
Historically, IT investments in the healthcare sector have prioritised medical equipment and technology over cybersecurity systems and solutions. This lack of investment in cybersecurity makes the industry vulnerable to DDoS attacks, as these types of attacks rely on the victim having either no DDoS protection installed or an inadequate form of it.
Adding to this, the rapid digital transformation of so many businesses across the world brings additional complexity and risk, which has left healthcare providers in an alarming position when it comes to coping with IT security challenges, such as DDoS attacks. This is because digital transformation has modified cybersecurity needs in some essential ways. For example, healthcare institutions now have an expanded attack surface for threat actors to target, due to applications and data moving into the digital environment. This presents a great opportunity for attackers as they now have more potential entry points to target, which makes it hard for organisations to keep track of all the potential threats and vulnerabilities. Further to this, the speed and regularity at which modern-day technology changes makes it challenging for healthcare organisations to keep pace with cybersecurity processes. Meanwhile, digital transformation has also had a major impact on the cybercriminal industry itself, with threat actors now launching more sophisticated and complex attacks.
The combination of the lack of investment in IT security, pandemic-driven digital transformations, along with the scale of challenges related to the ongoing global health crisis, has created the perfect storm for cyberattackers. This has meant that the healthcare sector has not been as prepared to defend its already under-developed IT infrastructure from opportunist threat actors who have taken advantage of the enormous amount of pressure that the industry is under.
How can the healthcare industry protect itself?
If healthcare organisations are not adequately protected from DDoS attacks, this leaves them exposed and at risk. DDoS attacks can stop legitimate network requests from getting through, which disrupts online healthcare operations, threatening patient safety in some cases and causing facilities to lose money. Large-scale attacks can harm the reputation of the organisation too. Therefore, with a significant number of DDoS attacks against the healthcare industry continuing to take place, it is vital for healthcare facilities to implement the necessary measures to prevent themselves from falling victim to DDoS attacks.
One way in which healthcare facilities can defend themselves is to deploy a strong and effective DDoS mitigation system. Healthcare organisations that have appropriately prepared to defend their online infrastructure by implementing a powerful DDoS defence system have experienced very few issues with regard to DDoS attacks.
It is also vital for healthcare organisations to test their DDoS defence system on a semi-regular basis. This ensures that any adjustments made to an organisation’s online infrastructure will be a part of its DDoS mitigation strategy, and that all online infrastructural elements are protected against attacks. For example, if a healthcare institution has its application servers adequately protected, only for its web servers to be neglected, this can put the organisation at risk.
In addition to this, staff at healthcare facilities should remain vigilant if they receive an email which includes suspicious-looking file attachments. In such circumstances, it is recommended to scan the file using pre-installed antivirus software before opening it. Furthermore, hospitals and other healthcare organisations can protect their online infrastructure from DDoS attacks by commissioning the services of a specialist IT security company. This is worth doing as firewalls, gateways and other security systems are unable to defend organisations’ IT infrastructure from DDoS attacks. By calling on the help of a company that specialises in defending against these types of attacks, healthcare facilities are making use of the only such experts that know how to detect, block and resolve DDoS attacks.
Cybercriminals thrive during times of great uncertainty, and DDoS attacks are becoming more and more complex as threat actors continue to discover and weaponise new attack vectors. These new attack methods have been designed in an attempt to exploit the weaknesses exposed by the substantial digital shift that has taken place since the beginning of the COVID-19 pandemic. As such, it is vital for the healthcare industry and security experts to educate themselves and stay vigilant in order to protect the crucial infrastructure that connects and enables modern healthcare.
By Richard Hummel, ASERT Threat Intelligence Lead for NETSCOUT