Pro-Russian Hacking Group Conducting DDoS Attacks on U.S. Hospitals

By | January 31, 2023

The pro-Russian hacking group, Killnet, is conducting a campaign of Distributed Denial of Service (DDoS) attacks on U.S. hospitals in apparent retaliation for U.S. support of Ukraine. The attacks started a few days after the United States and other countries agreed to provide tanks to Ukraine to help with the fight against the Russian invasion.

Killnet is a hacktivist group that has been active since at least January 2022 and its activities are connected to the Russian invasion of Ukraine. While the group’s views align with Russia, connections to the Russian Federal Security Service (FSB) and Russian Foreign Intelligence Service (SVR) have not been confirmed. The group is known for conducting denial of service (DoS) and DDoS attacks on government institutions and private organizations in countries providing support to Ukraine.

The attacks involve flooding hospital servers and websites with thousands of connection requests and packets per minute, causing the systems to slow down. In some cases, the attacks have rendered servers and websites temporarily unavailable. DDoS attacks are generally short-lived, but disruption can continue for several hours or days. While these attacks cause disruption, it has been suggested that Killnet is attempting to create fear, uncertainty, and doubt in the ability of governments to protect against cyberattacks.

In 2022, the group conducted DDoS attacks on government websites and private companies in Romania, Germany, Georgia, Italy, the Czech Republic, and Japan. In the United States, the group attacked the American defense firm Lockheed in retaliation for the provision of the HIMARS systems to Ukraine, and several attacks were conducted on U.S. airports in October. A senior member of the group, known as Killmilk, issued a threat to the U.S. government claiming attacks would be conducted on healthcare providers to obtain the sensitive personal data of Americans in retaliation for the policy of the U.S. Congress with respect to Ukraine.

While those threats do not appear to have materialized, the group’s latest DDoS campaign has seen at least 15 hospitals and health systems targeted, including University of Michigan Health, Stanford Healthcare, Banner Health, Anaheim Regional Medical Center, Atrium Health, Hollywood Presbyterian Medical Center, University of Pittsburg Medical Center, Jefferson Health, Abrazo Health, Duke University Hospital, Buena Vista Regional Medical Center, Heart of the Rockies Regional Medical Center, University of Iowa Hospitals and Clinics, and Cedars-Sinai Hospital.

University of Michigan Health said the websites of U-M hospital and Mott Children’s Hospital were attacked on Monday but are now back up and running. The affected websites were hosted by a third-party vendor and did not contain any patient information. A third-party vendor has been providing assistance to mitigate the attack. The wave of attacks prompted the Health Sector Cybersecurity Coordination Center (HC3) to issue an analyst note about the group and provide mitigations that can help to reduce the severity of DDoS attacks, but warned that it is not possible to fully mitigate against the risk of DDoS attacks.

The post Pro-Russian Hacking Group Conducting DDoS Attacks on U.S. Hospitals appeared first on HIPAA Journal.