Fitch Ratings Says Attacks on Hospital Websites Indicate Greater Risk
According to a Feb. 3 press release, Fitch Ratings, a finance and insurance company, says that recent coordinated cyberattacks on U.S. not-for-profit (NFP) hospitals and health systems’ websites show the increasing risks and capabilities of threat actors. The attacks on websites are not likely to drive any downgrades but show that these bad actors could cause greater harm by conducting more malicious attacks that directly affect healthcare delivery.
The press release says that “The websites of a number of US hospitals were taken down in a single coordinated distributed denial of service (DDoS) attack, which sent a flood of traffic to overload a server or website, slowing or shutting them down, potentially for days. This seems to be the most widespread and coordinated attack against the sector to date, with roughly 20 hospitals reporting and some affected hospitals and systems likely not publicly disclosing an attack. Some affected entities have been able to quickly restore their websites, and it currently appears that no personal healthcare information or data was compromised in these attacks.”
Further, “Given what we know at this point, the DDoS attacks are not expected to have any material financial or operational effect on targeted hospitals due to their brief and relatively superficial impact. However, deployment of a more sophisticated cyber weapon that compromises service and affects a hospital’s financial profile could negatively affect ratings. Critically, the disruption highlights the risks to the sector of a similarly scaled, but more severe, attack that could have dire effects on health and safety.”
“KillNet, the hacking group that has claimed responsibility for the attacks, has previously targeted healthcare organizations, according to a recent release from Health and Human Services’ Health Sector Cybersecurity Coordination Center that indicates that follow-on ransomware attacks are likely,” the release adds. On Jan. 31, we reported that BetterCyber, a cybersecurity company, tweeted that pro-Russian hacktivist group ‘KillNet’ took responsibility for DDoS (distributed denial-of-service) attacks on official websites of U.S.-based hospitals. On that same day, the Health Sector Cybersecurity Coordination Center (HC3) published an analyst note about the group and its threat to the health and public health sector.
Additionally, KillNet has taken credit for attacks of a similar nature on other entities outside of the U.S.