RISKS

What happened

After listing nearly 50 healthcare providers in the US on its target list, the pro-Russia hacker group Killnet – known for its DoS (denial of service) and DDoS (distributed denial of service) attacks – claimed responsibility for a cyberattack that disrupted at least 22 hospital and health system websites across the US. Those hospitals and health systems reportedly included:

  • Michigan Medicine in Ann Arbor
  • Stanford (Calif.) Health Care
  • Cedars-Sinai Medical Center in Los Angeles
  • UPMC Presbyterian Shadyside in Pittsburgh
  • Thomas Jefferson University Hospitals in Philadelphia
  • Duke University Hospital in Durham, N.C.
  • Abrazo Arizona Heart Hospital in Phoenix
  • AtlantiCare in Egg Harbor Township, N.J.
  • Anaheim Regional Medical Center
  • Huntsville (Ala.) Hospital
  • Atrium Health in Charlotte, N.C.
  • C.S. Mott Children’s Hospital in Ann Arbor, MI
  • Buena Vista Regional Medical Center in Storm Lake, Iowa
  • Heart of the Rockies Regional Medical Center in Salida, Colo.
  • Siteman Cancer Center at Barnes Jewish Hospital and Washington University School of Medicine in St. Louis
  • AnMed in Anderson, S.C.
  • Banner Health (Phoenix)
  • Boulder City (Nev.) Hospital
  • CHA Hollywood Presbyterian Medical Center (Los Angeles)
  • ChristianaCare (Newark, Del.)
  • Presbyterian Healthcare Services (Albuquerque, N.M.)
  • University of Iowa Health Care (Iowa City)

Ukraine in the ongoing Russia-Ukraine war. Arrests have also been made which has led to retaliatory actions by the Killnet gang.

The ChristianaCare health network in Delaware was one example of a health system that reported a DDoS attack (which was attributed to Killnet), stating: “On January 31, 2023, ChristianaCare experienced a distributed denial-of-service (DDoS) attack on its main public website, christianacare.org, consistent with other incidents reported this week impacting health care organizations around the world… Our information technology team worked quickly to resolve the situation, and normal website service was restored within several hours.” It’s Killnet’s second coordinated attack on the US healthcare system in the past two months.

On December 23, the pro-Russian hacker gang successfully breached a US healthcare organization known for supporting US military personnel and threatened to expose the compromised patient data.

 

Why is this important?

Just when you thought the potential cyber impact of the Russia-Ukraine war was behind us, here’s a new threat to worry about. While attacks by Killnet rarely cause major damage, they can cause service outages for several hours, heavily impacting organizations sensitive to downtime, such as hospitals, which could lead to compromised patient care.

 

What does this mean to me?

Downtime – at the wrong time – could have a major impact on your organization. Understanding and assessing the risk of a DDoS attack and having an incident response plan (IRP) in place is your best defense to minimize that impact.

 

 

APPROACHES

Helpful Controls

 

Commonality of attack

High

 

Article on story

US Healthcare Sector Under Attack, Killnet Adds 50 Hospitals to Target List

 

 

HALOCK Security Briefing Archives: Updates on cybersecurity trends, threats, legislation, reasonable security, and more that impact your risk management program.

SCHEDULE YOUR FULL HALOCK SECURITY BRIEFING