US Hospitals DDoS Attack, Websites Taken Down By Russian Hackers

By Adeola Adegunwa
Writer, Informationsecuritybuzz | Jan 31, 2023 07:23 am PST

A cyberattack that is being blamed on Russian hackers took down over a dozen US hospitals’ websites on Monday morning. A pro-Russian organization called Killnet claims to have taken down the websites of 14 US hospitals through distributed denial of service (DDoS) attacks over the previous year. These include Duke University Hospital, Cedars-Sinai, and Stanford Healthcare.

Seven hospital websites were operational by 12 p.m. EST, according to DailyMail.com. Although the motive for targeting these particular websites is unknown, the hacking gang is well known for its attacks in countries like the US that have opposed Russia’s invasion of Ukraine. Airports, banks, and US defense firms have all previously been targeted by Killnet.

Hospitals Compromised Across The Nation

It is uncertain how the outage might have impacted internal hospital systems or patient care. The attack harmed no patient information, according to the University of Michigan. A DDoS attack this morning from Russian hacking gangs reportedly also had an impact on hospitals in the Netherlands. These assaults aim to overload a website’s servers by flooding them with traffic.

The IP address of a website will be simultaneously accessed by a network of devices, most of which are remotely controlled and infected with malware. By connecting thousands of devices to a website at once, hackers can overwhelm its servers. As a result, anyone attempting to access the affected website will be snarled in the “traffic congestion” of connected users and given an error message.

According to research, since 2016, the medical records of 42 million Americans have been compromised. Half of the hacks brought on midship delays, surgery cancellations, and issues with digital prescriptions. In October, KillNet launched a similar attempt against the largest US bank, JPMorgan Chase. The bank dismissed the attack and claimed it had no bearing on business as usual.

Some of the impacted hospitals appear to be in the same situation; some even continued to post on social media during the attack without mentioning it.

Killnet’s Attacks Considered Sloppy And Designed To Frighten

Brett Callow, a threat analyst with the cybersecurity firm Emsisoft, said last year that the group is attempting to diminish public support for US intervention in Ukraine, and that its goal may not be to cause disruption but rather to sow FUD (fear, uncertainty, and doubt) and undermine people’s confidence in the US government’s ability to protect critical infrastructure.

The following websites were affected by the hack but have since been restored:

  • Duke University Hospital (North Carolina)
  • Stanford Healthcare (California)
  • Cedars-Sinai Hospital (California)
  • The University of Pittsburgh Medical Center (Pennsylvania)
  • Jefferson Health (Pennsylvania)
  • Abrazo Health (Arizona)
  • Atlanticare (New Jersey)
  • Michigan Medicine and its associated Mott Children’s Hospital (Michigan)
  • Huntsville Hospital (Alabama)
  • Anaheim Regional Medical Center (California)
  • Hollywood Presbyterian Medical Center (California)
  • Buena Vista Regional Medical Center (Iowa)
  • Heart of the Rockies Regional Medical Center (Colorado)

The following hospitals were still experiencing issues as of 12 p.m. Eastern Time: Buena Vista Regional Medical Center in Storm Lake, Iowa; Anaheim Regional Medical Center (California); Hollywood Presbyterian Medical Center (California); Huntsville Hospital (Alabama); and Heart of the Rockies Regional Medical Center (Salina, Colorado). Other targets of prior attacks included Lockheed Martin, the government websites of Japan and Hungary, and the Hartsfield-Jackson International Airport in Atlanta, Georgia.

Conclusion

More than a dozen US hospitals’ websites were taken down by a cyberattack on Monday morning, for which Russian hackers have taken the blame. The websites of 14 US hospitals were reportedly taken down by Killnet, a pro-Russian organization known for distributed denial of service (DDoS) operations during the previous year. These include Cedars-Sinai Medical Center, Duke University Hospital, and Stanford Healthcare. By 12 p.m. EST, DailyMail.com discovered seven hospital websites were operational again. Although the hacking gang is well known for operations in countries like the US that have opposed Russia’s invasion of Ukraine, it is unclear why these specific websites were targeted. Prior Killnet targets in the US have included airports, banks, and defense contractors.

2 Expert Comments
Daniel Selig, Security Automation Architect
InfoSec Expert
February 1, 2023 9:38 am

Notorious Russian cybergang Killnet has claimed responsibility for a cyberattack that took down more than a dozen U.S. hospitals and medical centers’ online systems. While the direct connection has not yet been confirmed, the attack comes soon after President Biden’s decision to send 31 M1A2 Abrams tanks into Ukraine. This is not the first time that Killnet has launched cyberattacks on countries that have aided Ukraine in the war against Russia—last week, a plethora of German financial sector organizations, airports and public administration bodies were targeted by the cybercrime group in an extensive DDoS campaign. 

It goes without saying that cyberattacks on hospitals and medical centers are some of the most dangerous—these attacks have the ability to knock systems offline in their entirety and keep patients from receiving the care that they require. As tensions between Russia and Ukraine continue to heat up, it is essential that outside parties involved with defending Ukraine are properly prepared for Russian backlash as Killnet continues to target allies. 

It is important to be sympathetic to the challenges that these hospitals and medical institutions face—odds are stacked against many of these organizations, and it can be extremely difficult for them to keep up with ever-evolving threats and defend their critical systems. In fact, it is legally prohibited by the fourth convention of the Geneva Convention to attack civilian hospitals and medical transports, yet hospitals continue to face these threats far too often. Fortunately, automation continues to play a larger role in helping these organizations prioritize security and round out their defenses. To mitigate the repercussions of similar incidents and eliminate them entirely, organizations must prioritize robust security controls to thwart cybercriminals attempting to cause widespread disturbance. Leveraging low-code security automation enables these organizations to streamline security protocols and implement proper incident response to ensure complete protection, while also eliminating the chance of human error that may lead to internal access.

Raj Samani, Chief Scientist and Fellow
InfoSec Expert
February 1, 2023 7:28 am

The attack on US hospitals again shows the clear impact that cyber-attacks can have on business availability. Actors such as Killnet know that by hitting critical infrastructure industries such as airports, banks and hospitals, they can have widespread impacts on both businesses and ordinary citizens.

Whilst DDoS is seen as a low-level attack, the impact can still be significant nonetheless. Transparency about the attack from impacted victims could support mitigating the group's future attacks by blocking traffic further up the chain.
