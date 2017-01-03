The adoption connected medical devices and the Internet of Things (IoT) by healthcare organizations increases the responsibility for protecting health IT infrastructures against distributed-denial-of-service (DDoS) attacks becomes. DDoS attacks occur when an outside party overwhelms an organization’s bandwidth and resources with unsolicited traffic, which in turn makes online services unavailable.

For connected medical and IoT devices constantly exchanging data via a network connection, a DDoS attack will completely derail their operation. Cloud-based EHR and email systems are also rendered unusable, preventing clinicians from accessing with critical patient information and putting patients and their protected health information (PHI) at risk.

“An attacker may be able to deter patients or healthcare personnel from accessing critical healthcare assets such as payroll systems, electronic health record databases, and software-based medical equipment (MRI, EKGs, infusion pumps, etc.),” said the Office for Civil Rights (OCR) in a recent cybersecurity newsletter.

“The attacker may hijack or take control of a computer, forcing the computer to send out huge amounts of illegitimate data traffic to particular websites or send spam to particular email addresses,” OCR continued. “The attacker can also control multiple computers with malicious software (also known as botnets) to launch a DoS attack.”

According to Akamai’s quarterly State of the Internet: Security Report published in May 2016, DDoS attacks increased by almost 40 percent over the previous year, making them one of the most serious threats to healthcare data.

Mobile devices such as smartphones and IoT devices broaden the attack surface, making mobile and bring-your-own-device (BYOD) policies more important than ever. DDoS bots can target unprotected devices and use them to commence a DDoS attack.

DDoS attacks are common among hacktivists groups which are politically motivated attackers that conduct cyber-attacks against organizations that are high profile enough to serve as a platform for a cause to gain media attention.

A Institute for Critical Infrastructure Technology (ICIT) report states that while one may assume healthcare organizations are safe from hacktivist attacks because they do what is generally considered “good work”, many healthcare organizations are targeted because of their size and the amount of secure data available to steal.

The ICIT report suggests examining internal and external connections for different IT infrastructure systems to determine which systems are most at risk for DDoS attacks.