The healthcare and public health (HPH) sector has been warned about the risk of cyberattacks by a pro-Russian hacktivist group dubbed KillNet, following a recent attack on a U.S. healthcare organization. KillNet is believed to have started operating around the time that Russia invaded Ukraine, between January and March 2022. Since then, the hacktivist group has targeted government institutions and private sector organizations in countries that are providing support to Ukraine, especially NATO countries.
KillNet primarily conducts distributed denial of service (DDoS) attacks. DDoS attacks involve flooding servers and websites with thousands of connection requests from compromised devices to deny access to legitimate users of those servers and websites. These attacks can last for several hours or even days, during which time the servers/websites will run slowly, with prolonged attacks causing outages that can last for several days. Generally, these attacks do not cause any major damage to hardware.
Members of the group have threatened to target organizations in the U.S. healthcare sector in response to the U.S. policy of providing support to Ukraine. Those threats include cyberattacks, data theft, and the publication of the health data of Americans. In December 2022, KillNet claimed responsibility for a cyberattack on a large U.S. healthcare organization that provides healthcare to members of the U.S. military and claims to have stolen a large amount of user data.
Members of the group have threatened to conduct attacks on organizations in other countries if their demands are not met. For instance, in response to the arrest of a suspected member of the KillNet group in Romania in May 2022, a member of the group threatened to target the UK Ministry of Health and claimed attacks would be conducted on life-saving ventilators in British hospitals.
The Health Sector Cybersecurity Coordination Center (HC3) says the group has a tendency to exaggerate, so any claims made by the group should be taken with a pinch of salt. HC3 says it is possible that some of the claims made by members of the group have been to garner attention from the public and across the cybercriminal underground. That said, the group is considered to be a threat to government and critical infrastructure organizations, including organizations in the HPH sector. HC3 has suggested some practical steps for HPH sector organizations to take to mitigate the risk of DDoS attacks, which are detailed in the KillNet Analyst Note.
The post HPH Sector Warned About Threat of DDoS Attacks by Pro-Russian Hacktivist Group appeared first on HIPAA Journal.