On October 21, 2016, Dyn, a major United States-based provider of Domain Name System (“DNS”) services, experienced a massive distributed denial of service (DDoS) attack. Many websites were either completely or intermittently inaccessible for several hours. According to Dyn’s statement on this same date, “The nature and source of the attack is under investigation, but it was a sophisticated attack across multiple attack vectors and internet locations. … We observed 10s of millions of discrete IP addresses associated with the Mirai botnet that were part of the attack.” But, while the Mirai botnet was a major part of the attack, at least one other botnet may have been involved, according to reports.
Mirai malware is discussed in Volume 5 of the HIMSS Cybersecurity Environmental Scan Report, posted earlier this week. This report highlighted the United States Computer Emergency Readiness Team’s Alert No. TA16-288A on the heightened DDoS threat posed by Mirai and other botnets (such as Bashlite). The threat posed by Mirai malware is heightened since its source code has been publicly “leaked” to at least one popular source code repository. As a consequence, experts predict that the release of the source code may result in a surge of DDoS attacks.
There are at least four lessons that healthcare organizations can learn from the Mirai botnet attack: (1) healthcare organizations of all sizes need to have robust, holistic cybersecurity programs, (2) healthcare organizations should have a plan of action, in the form of business continuity and disaster recovery plans, in case their network (or another Internet resource) goes down, (3) healthcare organizations must properly secure IoT devices (another helpful resource is the OWASP Internet of Things Project), and (4) healthcare organizations must achieve operational resilience, which is defined as the ability to prepare for and adapt to changing conditions and withstand and recover rapidly from disruptions (Presidential Policy Directive No. 21).
The time for healthcare organizations to have robust, holistic cybersecurity programs and ensure operational resilience is now—before it is too late. A successful cyber-attack may have significant ramifications for healthcare organizations, ranging from the inability to provide essential patient care services to crippled business operations or even serious patient injury or death (such as an attack on a connected medical device—especially a life-sustaining one). Even worse scenarios may exist for successful and coordinated cyber-attacks (which is why there are plans such as the National Cyber Incident Response Plan, to prepare and plan for such significant cybersecurity incidents). Furthermore, the cyber-attacks may directly target healthcare organizations or the cyber-attacks may target other sectors that the health sector depends upon, such as the electrical, water, or manufacturing sectors, to name a few. The health sector is especially vulnerable, because the health sector touches virtually everything else and everyone needs healthcare. From this vantage point, it is perhaps the most complex critical infrastructure sector to protect and defend. For visual maps on cyber-attacks going on now, please see the Norse map, the FireEye map, and the Digital Attack Map for daily DDoS attacks worldwide.
Accordingly, in recognition of Critical Infrastructure Security and Resilience Month this November (#Infrastructure), all health sector stakeholders are encouraged to raise awareness about the need for robust, holistic cybersecurity. The United States Department of Homeland Security (DHS) Office of Infrastructure Protection has released a Critical Infrastructure Security and Resilience Month 2016 Toolkit, available for download from the DHS website.
On a related note, the HIMSS Healthcare Cybersecurity Community is hosting a webinar on November 17th from 2-3PM ET, featuring Brendan Applegate of GT2, who will speak about how healthcare organizations can leverage information superiority to defeat the cyber-adversaries. (Much too often, cyber-attackers know more about our networks, resources, and capabilities than the target does. With information superiority, however, the target may be able to turn the tables on the cyber-attacker by being able to successfully defend the castle.) Everyone is encouraged to register for this important webinar today on Addressing the Risks to Critical Healthcare Infrastructure through Information Superiority.
Please also join in the #ChatSTC Twitter Chat, hosted by the National Cyber Security Alliance, on November 3rd from 3-4PM ET on Building Cyber Resilience in Critical Infrastructure. The moderator of the chat is @StopThinkConnect and official guests include @lkimhimss, @joshblac_ (Chair of the HIMSS Privacy and Security Committee), @StaySafeOnline, @HerjavecGroup, and @ESET.