Cybersecurity 911: How to protect healthcare’s front lines

As a result of recent shifts in global Distributed Denial-of-Service (DDoS) attack patterns, healthcare providers globally are facing a mounting number of cyber threats.

Historically, healthcare providers have been the target of financially motivated ransomware attacks aimed at extracting monetary payments from their victims. More recently, however, they have found themselves in the crosshairs of state-actors and hacktivist groups that are waging global DDoS campaigns for political and religious reasons. For example, in March and April of this year, hospitals in India were targeted by pro-Russian groups and Islamist hacktivist groups that brought down the websites of several hospitals in the Hyderabad area as well as the Indian Ministry of Health.

Regardless of the motivation behind the attacks, the end result is the same—the healthcare industry suffers. Patient care is disrupted. Availability of mission critical systems is threatened. And sensitive private data is exposed for the world to see.

To defend against bad actors who are getting smarter and attacks that are ever more sophisticated, healthcare providers need to rethink their cyber security strategies. Investing in a comprehensive DDoS protection solution built to adapt to a shifting cyber landscape is now imperative for healthcare’s front lines.

The risks to infrastructure, care, and reputation

The seamless operation of healthcare applications and services has become mission critical as patient care increasingly relies on technology and data accessibility. Gone unchecked, the rise of DDoS attacks poses a variety of threats to this balance.

Disruption of critical patient services: Healthcare institutions rely heavily on electronic health record systems, patient portals, and communication platforms for critical functions like patient care, scheduling appointments and accessing medical records. Any disruption to this digital infrastructure can hinder patient services.

Risk to patient safety: In healthcare, timely access to medical information and services is crucial for patient safety. DDoS attacks that disrupt access to patient records or medical devices can delay vital treatments and procedures, potentially endangering patients’ lives.

Data breaches: Some DDoS attacks serve as a smokescreen to divert attention while hackers attempt to breach an institution’s security and access sensitive patient data. These attacks can lead to data breaches and expose private patient information, resulting in legal and regulatory consequences, financial penalties, and damage to an institution’s reputation.

Financial losses: The costs associated with mitigating a DDoS attack, restoring services, and implementing additional security measures can be substantial. Moreover, the loss of revenue due to service disruptions and potential patient churn can further impact an institution’s bottom line.

Brand reputation damage: A successful DDoS attack on a healthcare institution can erode the trust and confidence of patients and partners. The negative publicity and perception of compromised data security may lead patients to seek care from competitors, impacting the institution’s reputation and market standing.

Compliance violations: Healthcare institutions are bound by strict regulations such as the Health Insurance Portability and Accountability Act (HIPAA) and the General Data Protection Regulation (GDPR). A DDoS attack that results in data breaches can lead to compliance violations and severe penalties, including fines and legal actions.

A get-well plan for healthcare

Healthcare institutions face serious challenges when it comes to protecting their digital infrastructure. To ensure networks and services remain accessible and resilient, here are a few best practices for defending against DDoS attacks:

Select DDoS protection with behavioral-based detection: As network-layer and encrypted application-layer DDoS attacks get more sophisticated, it is getting increasingly difficult for security teams to discern between legitimate and attack traffic. Traditional DDoS defenses that typically rely on brute force mitigation mechanisms, such as volumetric detection, rate limiting and geo-blocking, are no longer sufficient protection as they are prone to high levels of false positives and will block legitimate users. Defending against emerging generations of DDoS threats requires automated solutions that can adapt in real time, scale by a magnitude higher than any on-prem solution, and surgically block the attacks without blocking legitimate traffic. This approach focuses not only on traffic volumes but also on the behavioral characteristics of the incoming requests so healthcare providers can more accurately distinguish between malicious and legitimate users and deliver better protection with lower false positives.

As attackers increasingly leverage application-layer (L7) attack vectors, web DDoS protections, in particular, are important for healthcare providers because of the need to protect the availability of patient-facing web assets such as patient portals, information sharing, mobile applications, APIs, and other outbound-facing web assets.

Deploy always-on cloud DDoS protection: Look for an always-on cloud DDoS protection solution that routes network and application traffic through a security provider’s scrubbing center or point of presence. This ensures that incoming connections are inspected to prevent malicious requests from reaching a protected network or application and that critical patient care systems are always available.

Weigh the advantages of a hybrid solution: Healthcare providers handle patients’ protected health information (PHI), which is regulated by a variety of compliance requirements, including HIPAA, PHIPA, GDPR, and state and domestics laws. Because the stake in securing this data is so high, many healthcare organizations are very reluctant to share the SSL/TLS encryption keys used to protect it with third-party vendors. An on-premises DDoS mitigation appliance can help address these concerns. When deployed within the healthcare organization’s network, an on-premises appliance can mitigate encrypted DDoS attacks while keeping the SSL/TLS keys in-house and out of the hands of third-party cloud vendors. While cloud services are often recommended because of the scale their cloud scrubbing networks offer, combining them with an on-premises appliance is a good solution for larger organizations with specific needs.

Use a managed security service: Often the size of internal security and IT teams that support healthcare organizations are small, with primary staff and resources being focused on patient care. As a result, many healthcare providers lack the experience and personnel to deal with massive DDoS attacks, particularly those targeted at complex application-layer vectors. Utilizing a managed security service as part of a DDoS protection practice can help healthcare organizations extend their staff and ensure they are backed up by a strong security bench during times of attack.

The surge of cyberattacks in the healthcare industry shows no signs of slowing down. When it comes to defending healthcare’s mission-critical infrastructure and ensuring uninterrupted patient care, the reality is “good enough security” is no longer enough. To protect the front lines of today’s healthcare industry, DDoS protection must be comprehensive, automated, and tuned to handle next gen cyberthreats regardless of scale and complexity.

 

Nikhil Karan Taneja

Vice President and Managing Director for India, SAARC, and the Middle East

Radware