OCR Alerts Covered Entities to Risk of DDoS Attacks

During the last few weeks, there has been a rise in Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks. The attacks involve flooding systems with data and requests in order to make those systems crash. The attacks have taken large parts of the Internet offline, halted email systems, and put other computer equipment out of action.

DDoS attacks on healthcare organizations might prevent patients from accessing web services such as patient portals during an attack; however, they can also prevent healthcare employees from accessing systems that are vital for healthcare operations. Payroll systems, EHRs, or even software-based medical devices such as MRIs and drug infusion pumps can potentially be rendered inoperable.

Not only do DDoS attacks prevent these systems from being accessed, they can also cause substantial hardware damage, and the cost of repair can be considerable.

The scale of the new attacks has been shocking. Whereas last year DDoS attacks on the order of 300 Gbps were something of a rarity, this year we have seen attacks exceeding 600 Gbps. One French hosting company registered a DDoS attack of 1 Tbps.

The attackers behind the latest DDoS attacks have taken advantage of poor security controls on IoT (Internet of Things) devices, such as the failure to change default PINs. The devices have been used to build huge botnets: groups of devices infected with malicious software that are used to flood systems with traffic.

The recent attacks have mostly used DVRs and surveillance cameras; however, any IoT device might be compromised and used for the attacks.

Hospices now have many IoT devices connected to their systems, all of which could potentially be compromised, added to botnets, and used for attacks on other organizations or on other systems used by hospices.

The attacks are likely to continue. Further, as additional IoT devices with weak security controls are installed, the scale of the attacks is likely to increase. Healthcare organizations have been attacked before, and further attacks are a distinct possibility.

This week, the Department of Health and Human Services’ OCR has contacted healthcare organizations to raise awareness of the threat and has urged them to take steps to defend their systems from attacks and to prevent their IoT devices from being added to botnets.

There are numerous actions that healthcare organizations can take to protect their devices, as well as their systems, from DDoS and DoS attacks.

Organizations must scan their systems for vulnerable IoT devices, continuously scan for compromised devices, apply security patches promptly to address known vulnerabilities, and change all default PINs on every IoT device. Default PINs are easily found online or can be guessed.