Healthcare data
breaches & DDoS
in healthcare:
a rising threat?

Author: Megan Williams

Few have had to adapt to the "next normal" as quickly as healthcare IT leaders. But the blossoming threat of distributed denial-of-service (DDoS) attacks and a healthcare data breach is promising even more disruption.

Overall, cyber security professionals have seen a spike in DDoS over the last several years—a fact that's largely been correlated with the explosion of the Internet of Things (IoT) and cloud computing. Contrary to some common belief, healthcare hasn't been immune. As rates of attacks have increased across the board, the risk—and stakes—of DDoS in healthcare have grown, too.

Those responsible for addressing a healthcare data breach should be ready to rethink their organizations as increasingly valuable targets, reassess the threat of DDoS attacks and update their best practices in combating this emerging healthcare cyber security risk.

The reward for DDoS perpetrators

As an industry, healthcare has enjoyed relative immunity from DDoS attacks—a cyber security threat often rooted in activism and competition, with malicious actors largely focused on what they believe are more deserving targets than health care workers.

But it still happens.  In 2018, a hacktivist was convicted for launching a massive DDoS attack on Boston Children's Hospital that disrupted their network for at least two weeks. His motivation? Retaliation for the hospital's involvement in a contentious child custody case.

In another example, a Wisconsin pharmacist who intentionally destroyed 500 vials of the Moderna COVID-19 vaccine because he believed it was unsafe. With hospitals and other providers serving as primary distribution points, healthcare's safety from hacktivism and other sources of DDoS attacks is likely in jeopardy, as seen in an article by

The risk for healthcare providers and patients

When they choose to strike, most hackers don't prioritize patient health, with many being willing to shut down an entire network regardless of the consequences for vulnerable individuals.

In the past, to help organizations better understand what's at risk in a healthcare context, the Office for Civil Rights (OCR) has reached out through its newsletter, warning that "[a]n attacker may be able to deter patients or healthcare personnel from accessing critical healthcare assets such as payroll systems, electronic health record databases, and software-based medical equipment (MRIs, EKGs, infusion pumps, etc.)"

It's worth asking what these threats look like today during a pandemic and where an attack could cut already-stressed providers off from doing their jobs. DDoS attacks are designed to completely hamstring organizations. In healthcare, the cost of data healthcare breach means disrupting care, stopping the flow of revenue, interrupting regulatory compliance and leaving vulnerable patient records exposed.

How to address the DDoS threat

While DDoS in healthcare evolves as a threat, it is possible to be prepared.  Here is a list of recommendations on how to address DDoS threats:

  • Start by conducting fresh risk assessments
  • Create a list of IoT initiatives
  • Analyze any remote work changes
  • Assess telemedicine responses to the pandemic

Deploy monitoring systems before you replace or invest in new ones. Consider log monitoring, intrusion prevention systems and intrusion detection systems that can detect threats before they become full-blown breaches. This is the most important step of DDoS prevention since a malicious actor needs time to map a network to decide what they want to infect.

Additionally, look for targeted and platform-specific support. Amazon Web Services (AWS), for example, offers a guide, "AWS Best Practices for DDoS Resiliency," that breaks down mitigation techniques and suggests AWS services that help improve web application resiliency.

Finally, think proactively. Prepare your organization for a potential healthcare data breach and educate your staff on the impacts of the cost of data healthcare breach. It is incredibly difficult to respond to DDoS attacks once they penetrate your network, so your entire strategy should function as a unified prevention tool that reduces the impact of high-volume attacks by redirecting and scrubbing inbound traffic, only allowing approved traffic onto your network.

Learn how Verizon's DDoS Shield can mitigate the risk of attacks.

The author of this content is a paid contributor for Verizon.