HC3 Expresses Concern About KillNet DDoS Attacks on the Healthcare Sector


KillNet, a pro-Russia hacktivist group that emerged in 2022, has quickly evolved into a significant threat to the healthcare sector by executing distributed denial-of-service (DDoS) attacks, according to the Health Sector Cybersecurity Coordination Center’s most recent analyst note.

“Their signature DDoS attacks on critical infrastructure sectors typically only cause service outages lasting several hours or even days,” HC3 noted. “However, the range of consequences from these attacks on the e United States health and public health (HPH) sector can be significant, threatening routine to critical day-to-day operations.”

Outages can have serious consequences for patient care because they can disrupt care, cause data loss, and disrupt communication between healthcare providers.

In retaliation for Ukraine support, KillNet and its affiliates launched coordinated DDoS attacks on healthcare organizations in the United States and several NATO countries around January 28, 2023.

Although many activist groups avoid targeting healthcare organizations, KillNet began launching DDoS attacks on healthcare organizations in December 2022. Although DDoS attacks rarely cause significant damage, they can cause lengthy service outages and disruptions that jeopardize critical patient care operations.

KillNet launched its most significant wave of DDoS attacks to date in late January, targeting over 90 healthcare organizations across multiple states. 55 percent of the targets were healthcare systems with at least one hospital, including lone hospitals with Level I trauma centers. The outages caused by these attacks could have a significant impact on patients receiving care in these facilities. Although the frequency of DDoS attacks appears to have decreased since March, HC3 predicts that more attacks will occur.

“With the exception of a DDoS attack on a laboratory, blood, and pharmaceutical sub-industry organization, few incidents in the HPH sector have been attributed to KillNet this month,” the analyst note stated. “While there was little to no content on their Telegram channel that indicated a sector targeting, one information security publication revealed a previously unnoticed campaign.”

Microsoft reported on March 17, 2023, that KillNet had been targeting healthcare applications on Azure infrastructure for the previous three months, with 31 percent of the attacks targeting pharmaceutical and life sciences firms, 26 percent targeting hospitals, 16 percent targeting health insurance providers, and 16 percent targeting health services and care. While Transmission Control Protocol (TCP) was the primary attack vector for DDOS attacks in 2022, User Datagram Protocol (UDP) floods were used in 53% of attacks on healthcare, while TCP was used in 44%.

A single cybersecurity solution cannot protect an organization from cyber threat groups such as KillNet. Nonetheless, healthcare organizations should take several proactive measures to mitigate DDoS attacks.

One solution proposed was to use Identity Management (IdM) programs, which can be used by healthcare employees to proactively protect themselves from the reconnaissance techniques used by KillNet and other hacktivists to gather victim identity information.

Leave a Reply