How Denial-of-Service Attacks Affect the Healthcare Industry
Thinking you’ll never have to deal with a denial-of-service (DoS) attack because you work in health care could be a costly mistake.
DoS attacks—which commonly occur when an attacker inundates a server with requests—don’t just happen in the financial industry. HIT Exchange spoke with Pete Shelkin, CISSP, FHIMSS, president of Shelkin Consulting, LLC, in Albuquerque, N.M., about the issue of DoS attacks in health care.
How prevalent are DoS attacks in the healthcare industry?
The healthcare industry is no different than any other industry when it comes to susceptibility to attacks. However, I believe attackers often choose targets based on whether there is a chance of monetary gain—for example, an enterprise whose revenue is dependent on high volumes of online transactions with a large customer base might be coerced into paying a ransom of sorts to stop an attack. While many other industries are more vulnerable in this regard, the healthcare industry must still be concerned about DoS attacks because the possibility for them to occur always exists.
How can DoS attacks harm a medical facility or practice?
Rapid, reliable access to electronic patient records is essential to providing care, especially in emergency situations. Any situation that disrupts access to data and records potentially disrupts delivery of care, too. In addition, there is a certain amount of risk to the integrity of some telemetry data if latency issues are brought on by an attack. Finally, given that most claim submissions are now electronic, disruption to network services can also disrupt cash flow.
When crafting policies and purchasing/implementing solutions, include as many factors as possible within the scope of your efforts and get the most value for your efforts.
What are the signs of a DoS attack?
The first signs will be slow response times from programs and high failure rates of certain services, such as HTTP. The phones at your service desk will begin ringing with users complaining about these and other performance-related issues. Once your engineers start looking at your network and servers, they will see an unusually high number of connection requests and high CPU utilization rates. They will then notice that certain IP addresses are responsible for the majority of connection requests. These are sure signs a DoS attack is underway since individual systems typically don’t make more than a few connection requests at any given time.
What can medical facilities or practices do to protect themselves against DoS attacks?
While there are no guaranteed ways to prevent DoS attacks or to completely fight one off should it occur, certain things can be done to minimize security risks. These measures include having and enforcing good security policies, possessing a solid security perimeter that uses firewalls to do ingress/egress filtering, and making use of an effective host-based intrusion detection system (either your own or through a service provider). When crafting policies and purchasing/implementing solutions, include as many factors as possible within the scope of your efforts and get the most value for your efforts.
