Cyber Attacks: Are Healthcare Institutions Off Limits?
This post is also available in: 
עברית (Hebrew)
Isn’t the coronavirus crisis off-limits when it comes to cyberattacks? Apparently not. The US Health and Human Services Department suffered a cyber-attack on its computer system. The March 15 attack involved overloading the HHS servers with millions of hits over several hours. It was reportedly a distributed denial of service (DDoS) attack, which is a type of cyberattack but not a full breach. “We had no penetration into our networks, we had no degradation of the functioning of our networks,” Health and Human Services Secretary Alex Azar said.
This is not the first time that cybercriminals have targeted the U.S. healthcare system during the coronavirus pandemic, claims Robert K. Knake, an expert on cybersecurity, HLS, and digital policy at the Council on Foreign Relations, on cfr.org/blog. His message to cybercriminal: Hospitals are off-limits. During this time of crisis, the United States should counter such efforts with all available means.
While a foreign state is suspected in the attack, the administration hasn’t yet confirmed who it was.
“On Sunday, we became aware of a significant increase in activity on HHS cyber infrastructure and are fully operational as we actively investigate the matter,” said the spokeswoman, Caitlin Oakley. “We are coordinating with federal law enforcement and remain vigilant and focused on ensuring the integrity of our IT infrastructure.”
“HHS and federal government cybersecurity professionals are continuously monitoring and taking appropriate actions to secure our federal networks,” stated John Ullyot, a spokesman for the National Security Council, according to bloomberg.com.
A powerful DDoS attack requires a network of computers or botnets. Over the course of the past decade, these types of attacks have become increasingly popular as tools of political protest or weapons of disruption. As long as the attacker has enough bots in their arsenal, they can temporarily devastate their victim websites, which may be forced offline for hours or even days.
