Healthcare News & Insights

How hospitals can fight back against new hacker attacks

Protecting your hospital from hackers who are only looking to steal patients’ data is one thing. But there’s another cyber threat lurking that your hospital may not have even considered: distributed denial-of-service (DDoS) attacks.

In a DDoS attack, hackers infiltrate an institution’s computer network for the sole purpose of denying access to users. The attacks can prevent patients outside a hospital from accessing its website – or keep doctors and clinical staff from being able to send and receive internal email.

DDoS attacks often have no real purpose except to cause havoc. But sometimes the perpetrators of these attacks use activism to justify their actions.

Example: After a story broke about a young patient being separated from her parents at Boston Children’s Hospital, online vigilantes from Anonymous, a well-known group of hackers, pledged to show support for the family by launching DDoS attacks to disrupt the hospital’s network. The situation was described in more detail in a recent article from CIO magazine.

Boston Children’s managed to keep the impact of the attacks to a minimum, according to the article. No patient data was compromised, and while access to its e-prescribing system was limited, the hospital’s electronic health records (EHR) system wasn’t affected at all.

Protect your hospital from threats

DDoS attacks against hospitals and other large institutions are becoming more common. While investing in a secure IT network can mitigate some of the risks of these attacks, it may not stop them completely.

Here’s how hospitals can prepare for a DDoS attack, using a strategy taken straight from the playbook of Boston Children’s Hospital:

  • Know your system – including its capabilities and limitations. If your EHR is hosted on your hospital’s internal network, you’ll need another way to access patient data in case of a DDoS attack. (Tip: If your EHR is hosted on a cloud-based server or other external network, it still may be a good idea to ask your vendor how it would handle access if hackers attacked, and use its response to help craft your plan.) You’ll also need a Plan B if your e-prescribing system is hosted internally.
  • Have alternatives to email. If email is down, or if its security is compromised, you’ll need another way to communicate with staff. Boston Children’s used Voice Over IP communications, which allow staff members to communicate verbally over a secure online telephone-like network.
  • Be ready for total shutdown, if necessary. To contain the DDoS attacks and protect patient data, Boston Children’s took many of its network operations offline, including its e-prescribing system and its public website. Your hospital will need a plan for how it will continue to operate in this case.

Bottom line: Having a plan in place will both decrease the effects of a DDoS attack on your hospital and keep patients’ data from being compromised. And this will allow your facility to get back to its normal operations sooner, with fewer negative consequences.
