Fitch Ratings Says Attacks on Hospital Websites Indicate Greater Risk

Feb. 6, 2023
A recent press release from Fitch Ratings warned that the recent KillNet attacks on hospitals and health systems are a sign that coordinated cyberattacks on not-for-profit hospitals and health systems in the U.S. will increase

According to a Feb. 3 press release, Fitch Ratings, a finance and insurance company, says that recent coordinated cyberattacks on U.S. not-for-profit (NFP) hospitals and health systems’ websites show the increasing risks and capabilities of threat actors. The attacks on websites are not likely to drive any downgrades but show that these bad actors could cause greater harm by conducting more malicious attacks that directly affect healthcare delivery.

The press release says that “The websites of a number of US hospitals were taken down in a single coordinated distributed denial of service (DDoS) attack, which sent a flood of traffic to overload a server or website, slowing or shutting them down, potentially for days. This seems to be the most widespread and coordinated attack against the sector to date, with roughly 20 hospitals reporting and some affected hospitals and systems likely not publicly disclosing an attack. Some affected entities have been able to quickly restore their websites, and it currently appears that no personal healthcare information or data was compromised in these attacks.”

Further, “Given what we know at this point, the DDoS attacks are not expected to have any material financial or operational effect on targeted hospitals due to their brief and relatively superficial impact. However, deployment of a more sophisticated cyber weapon that compromises service and affects a hospital’s financial profile could negatively affect ratings. Critically, the disruption highlights the risks to the sector of a similarly scaled, but more severe, attack that could have dire effects on health and safety.”

“KillNet, the hacking group that has claimed responsibility for the attacks, has previously targeted healthcare organizations, according to recent release from Health and Human Services’ Health Sector Cybersecurity Coordination Center that indicates that follow-on ransomware attacks are likely,” the release adds. On Jan. 31, we reported that BetterCyber, a cybersecurity company, tweeted that pro-Russian hacktivist group ‘KillNet’ took responsibility for DDoS (distributed denial-of-service) attacks on official websites of U.S.-based hospitals. On that same day, the Health Sector Cybersecurity Coordination Center (HC3) published an analyst note about the group and its threat to the health and public health sector.”

Additionally, KillNet has taken credit for attacks of a similar nature on other entities outside of the U.S.

Sponsored Recommendations

Improving Workplace Safety and Patient Care in Behavioral Health

In 2023, Vail Health enhanced safety in their behavioral health clinic, but the impact went beyond their expectations. Read their case study to see how prioritizing workplace ...

Transforming Hospital Capacity Through Smarter Patient Progression Strategies

Helping patients move seamlessly through every stage of their care, from admission to discharge, is critical to ensuring patient safety, improving outcomes, and optimizing capacity...

Beyond the AI Buzz: How Clinicians Can Leverage AI for Value-Based Success

Watch on-demand to explore the impact of implementing AI in primary care settings to reduce burnout and thrive in value-based care. Including practical takeaways on driving clinician...

Building the Connected Hospital: Bridging Operational Gaps Through Technology

Join industry leaders to explore how advanced technologies like RFID, AI, EMR, and ERP systems are transforming hospitals into connected ecosystems that enhance efficiency, streamline...