Hospitals urged to tighten DDoS defenses after health data found on Killnet list


The Killnet hacktivist group is actively targeting the health sector with DDoS attacks, claiming to have successfully exfiltrated data from a number of hospitals within the last month, according to a Department of Health and Human Services Cybersecurity Coordination Center alert.

In fact, users found and publicly shared global health and personal information belonging to global health organizations on the alleged Killnet list on Jan. 28.

John Riggi, the American Hospital Association’s national advisor for cybersecurity and risk, warned that “As of today, we understand that some of the named entities were, in fact, targeted by DDoS attacks.”

However, the impact of the activity was found to be “minimal and temporary with no impact to care delivery services,” he added. Although DDoS attacks don’t typically cause significant damage, the traffic surges brought on by these cyberattacks can cause website outages that can last for several hours or days.

As such, provider entities should ensure they have adequate DDoS protection for their web hosting.

Killnet is notorious for launching DDoS attacks with “thousands of connection requests and packets to be sent to the target server or website per minute, slowing down or even stopping vulnerable systems,” according to a December HC3 alert that followed a successful attack on a U.S. healthcare entity.

The group operates multiple public channels for recruitment purposes and has suspected ties with Russian government organizations like the Russian Federal Security Service (FSB) or the Russian Foreign Intelligence Service (SVR). But the connections have not been confirmed. 

What’s clear is that the group’s senior members have extensive experience with deploying DDoS attacks, having “previously operated their own DDoS services and botnets.” Most of these operations rely on publicly available DDoS scripts and IP stressers.

But researchers are divided on the group’s impact, noting the group has failed at pivoting their attack models. In October, for example, Killnet successfully blocked the infrastructure of J.P. Morgan but was unable to disrupt the bank’s operations.

The Department of Justice seized 48 internet domains tied to some of…
