Earlier this month, an internet outage affected public healthcare clusters in Singapore, including major hospitals and polyclinics, lasting more than seven hours from 9:20 am. Investigations identified that a distributed denial-of-service (DDoS) attack was the cause of the online service outage.

DDoS attacks on healthcare providers’ systems can be life-threatening. Fortunately, this particular disruption did not result in a compromise of data or internal networks. Patient care, clinical services, and access to records and appointment systems were uncompromised.

However, this incident highlights the critical need to secure healthcare networks. If systems are down, medical professionals cannot provide treatment or triage urgent care. Healthcare records are also attractive targets for cybercriminals given their potential for identity theft and fraud and their high value on the black market. 

This outage on Singapore’s public healthcare system disrupted service availability, which refers to the ability to access information immediately when using an application or website. In such instances, organizations usually adopt Site Reliability Engineering (SRE) practices and a security-by-design framework to enhance the uptime and availability of their IT infrastructure and services.

Site Reliability Engineering (SRE)

Site Reliability Engineering (SRE) is a set of software engineering practices to ensure IT infrastructures operate well, are reliable, and scalable. The SRE philosophy emphasizes building all systems with the assumption that they can potentially fail and focuses on designing them to self-heal and recover swiftly when such failures occur. 

Security by design 

A core concept of security by design is to identify potential risks that can impact the availability and security of a website or application. Common gaps in security often include inadequate technical controls to defend against threats like bots, DDoS attacks, zero-day vulnerabilities, and API exploits. It’s important to recognize that these issues are often interrelated, and when they occur together, they can lead to multi-vector attacks, which can be more challenging to defend against. 

In Imperva’s 2023 Imperva Bad Bot Report, it was revealed that in 2022, nearly half (47.4%) of all internet traffic came from bots in 2022, with over 30% of the internet traffic being bad bots. With the increasing sophistication of bad bots and automation, they now engage in multi-vector attacks. In a multi-vector attack, bots typically initiate a DDoS assault to flood the targeted system with a diverse blend of malicious network traffic. If the system successfully defends against the DDoS attack, the bots may then switch to other attack vectors, such as targeting specific software vulnerabilities or exploiting weaknesses in application layers. The objective of these malicious bots is to automate the threat exploitation process, overwhelming security teams and making it difficult for them to respond promptly, thereby increasing the likelihood of a successful attack.

Recommendations to the healthcare sector for patient safety

To minimize the risk of attacks, healthcare organizations should adopt strong security measures to protect against known vulnerabilities and defend their systems from cyber-attacks and other potential threats. 

Here are some recommendations organizations can consider: 

1. Conduct tabletop exercises and real-world simulations: Go beyond theoretical assessments and actively test the security controls to mimic real-world scenarios. These exercises are essential to ensure that security controls function as expected and can withstand actual threats and attacks.
2. Ensure website availability: When a website’s performance is affected, it can disrupt how patients access critical services. Investing in a strong Web Application Firewall (WAF) and a comprehensive security platform that guards against the latest threats, such as DDoS, Bot, and API attacks, will ensure patients and providers have uninterrupted access to critical information and services. 
3. Develop a service continuity response plan: Healthcare organizations must ensure they have a well-established incident response plan in place, including a crisis communication plan to inform patients and staff of the situation. A robust business continuity plan that includes system and data backups is also essential to avoid losing critical clinical data when a denial of service attack is used as a smokescreen for other cyber attacks. 
4. Create a unified security platform: In the fast-paced healthcare industry, adopting a single-stack security platform with integrated attack analytics enhances operational efficiency and time management. We recommend a unified platform that offers WAF, DDoS, Bot, and API protection to secure your organization against the latest OWASP threats.
5. Leverage technical partners: Collaborate with technology partners to address security gaps that an organization may need support to handle. These partners can offer both technological solutions and expertise to help the organization benefit from the latest security tools and knowledge.

The post Measures Healthcare Providers Can Take to Mitigate Disruptions appeared first on Blog.

*** This is a Security Bloggers Network syndicated blog from Blog authored by Daniel Toh. Read the original post at: https://www.imperva.com/blog/measures-healthcare-providers-can-take-to-mitigate-disruptions/