Russian Hackers Take Down At Least 17 U.S. Health System Websites

Russian hacker group Killnet claimed responsibility this week for a string of cyberattacks that took more than a dozen hospital websites offline across the U.S. — including the websites for Cedars-Sinai, Michigan Medicine, and UPMC.

Killnet is known for its DDoS (distributed denial of service) attacks, which occur when hackers block legitimate users from accessing information systems, devices and networks.

The pro-Russia group has been active for at least a year, according to an analyst note released by the Department of Health and Human Services on Monday. It has been known to target countries that support and/or send resources to Ukraine, HHS said. Killnet’s recent attack on U.S. hospitals comes just days after President Biden announced that the U.S. will send 31 Abrams tanks to help equip Ukrainian soldiers.

The group’s DDoS attacks can cause service outages that last several hours or days, but they usually don’t cause major damage, according to HHS’ note. There’s not much of a financial impact; these attacks are more of a big headache that’s difficult for support and IT staff to handle.

Atrium Health and Michigan Medicine, two health systems targeted by the attack, confirmed that there are no indications that sensitive patient or employee information was impacted.

Below is a list of hospitals and health systems whose websites were affected by the attack:

  • Abrazo Arizona Heart Hospital (Phoenix)
  • Anaheim (California) Regional Medical Center
  • AnMed (Anderson, South Carolina)
  • AtlantiCare (Egg Harbor Township, New Jersey)
  • Atrium Health (Charlotte, North Carolina)
  • Buena Vista Regional Medical Center (Storm Lake, Iowa)
  • Cedars-Sinai (Los Angeles)
  • C.S. Mott Children’s Hospital (Ann Arbor, Michigan)
  • Dartmouth Health Cheshire Medical Center (Keene, New Hampshire)
  • Duke University Hospital (Durham, North Carolina)
  • Heart of the Rockies Regional Medical Center (Salida, Colorado)
  • Huntsville (Alabama) Hospital
  • Michigan Medicine (Ann Arbor)
  • Siteman Cancer Center at Barnes Jewish Hospital and Washington University School of Medicine (St. Louis)
  • Stanford (California) Health Care
  • Thomas Jefferson University Hospitals (Philadelphia)
  • UPMC (Pittsburgh)

All of these providers were able to restore their websites within a day of the attack.

Russian DDoS attacks are becoming more of a threat for which U.S. hospitals need to prepare, said Patrick Sullivan, chief technology officer of security strategy at cybersecurity company Akamai.

Historically, DDoS attacks have been much more prevalent in the gaming, government and financial services sectors than in healthcare, Sullivan said. Hospitals have usually focused their cybersecurity defense strategy on protecting their networks and connected devices from ransomware and phishing attacks, but DDoS could start to emerge as a formidable threat.

Even though DDoS attacks usually don’t affect patient information, they can still be disruptive. People flood health systems’ phone lines when the website is unreachable, and hospitals don’t have enough workers to field all those calls.

To protect against DDoS attacks, Sullivan recommended that hospitals conduct a tabletop exercise going over how they would respond in the event of an attack.

“That’s a pretty small investment where you can walk through the event, speak to an expert and understand what a typical attack looks like these days in terms of technique, size and scale,” he said. “You can then assess your ability to respond to that, both from the scale perspective, the technology perspective and human perspective.”
