The Health Sector Cybersecurity Coordination Center (HC3) recently released an analysis detailing how healthcare systems should respond to distributed denial-of-service (DDoS) attacks. This guidance, issued on May 30, provides updated best practices for thwarting these threats and restoring network functionality.
For organizations outside healthcare, DDoS resilience is also something the common security frameworks expect to see evidenced, even where they do not name the attack class explicitly. For example:
-NIST Cybersecurity Framework (CSF): It does not call out DDoS by name, but its Identify, Protect, Detect, Respond, and Recover functions cover the outcomes an organization needs in place to withstand one (for example, continuous monitoring under DE.CM and mitigation under RS.MI in CSF 1.1), spread across various categories and subcategories.
-ISO/IEC 27001: This standard outlines requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS). Its Annex A controls for network security, capacity management, and ICT readiness for business continuity are where DDoS mitigation is typically evidenced.
-CIS Controls: Control 12 (Boundary Defense) in version 7 covers measures to prevent and mitigate DDoS attacks; in version 8 the corresponding safeguards sit under Control 12 (Network Infrastructure Management) and Control 13 (Network Monitoring and Defense).
Understanding DDoS Attacks:
DDoS attacks overwhelm a target's network links, servers, or applications with traffic sent from many sources at once, so that legitimate users cannot get through. They can affect any industry but are particularly devastating in healthcare, where they can deny access to vital resources such as patient portals, telehealth, and clinical systems and directly impact patient care. These attacks are often executed by massive botnets of compromised devices, increasingly used by cybercrime syndicates and politically motivated groups.
Key Recommendations from HC3:
1. Security Hygiene: Regular security audits, real-time traffic monitoring, and a comprehensive security response plan are essential. Early detection is critical, but rate-based detection alone may not suffice: simple request-rate thresholds fire on legitimate traffic surges and miss low-and-slow application-layer attacks that stay under the threshold while exhausting server connections. Implementing traffic filtering that diverts unwanted traffic to a "sinkhole" (which drops all traffic destined for the attacked address, sacrificing that service to protect the rest of the network) or a "scrubbing center" (which filters the flow and forwards only clean traffic back) can mitigate threats before they escalate.
2. Avoid Counterattacks: Counterattacking botnets can lead to logistical problems and potential legal ramifications. The bots are usually compromised third-party machines, and "hacking back" is unlawful in most jurisdictions. HC3 advises against this approach.
3. Backup Systems: Equip crucial systems with redundancy, such as alternate delivery networks (a second upstream provider, a CDN or anycast front end, and an alternate path for DNS), together with a tested failover procedure, to maintain essential services like patient portals even during an attack.
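To make the first recommendation concrete, the following is an added example (not code from HC3 or from the original post) showing why a request-rate threshold on its own is not enough. It runs two detectors over a constructed nginx-style access log (with $request_time appended as the last field): a volumetric check on requests per 10-second window, and a low-and-slow check that looks for a high share of long-lived or timed-out requests from many distinct sources. It also extracts the heavy-hitting sources in a flagged window as a starting point for a filter. The log lines, IP ranges, thresholds, and window size are all assumptions chosen for the illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# nginx "combined" format with $request_time appended as the final field.
# Field layout is an assumption for this example, not a requirement of any tool.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+) (?P<rt>[\d.]+)$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one access-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {"ip": m["ip"], "ts": datetime.strptime(m["ts"], TS_FMT),
            "req": m["req"], "status": int(m["status"]),
            "bytes": int(m["bytes"]), "rt": float(m["rt"])}


def bucket(events, window_s):
    """Group events into fixed windows keyed by (epoch seconds // window)."""
    buckets = defaultdict(list)
    for e in events:
        buckets[int(e["ts"].timestamp()) // window_s].append(e)
    return buckets


def _win(key, window_s):
    return datetime.fromtimestamp(key * window_s, tz=timezone.utc).isoformat()


def rate_alerts(events, window_s=10, max_requests=200):
    """Volumetric check: windows whose total request count exceeds the threshold."""
    return sorted(_win(k, window_s) for k, evs in bucket(events, window_s).items()
                  if len(evs) > max_requests)


def slow_alerts(events, window_s=10, slow_rt=5.0, max_fraction=0.25, min_sources=10):
    """Low-and-slow check: a large share of requests in the window held a connection
    open for a long time or timed out (408), and they come from many distinct IPs.
    Total volume in such a window is small, so rate_alerts() never sees it."""
    out = []
    for k, evs in sorted(bucket(events, window_s).items()):
        slow = [e for e in evs if e["rt"] >= slow_rt or e["status"] == 408]
        if len(slow) / len(evs) > max_fraction and len({e["ip"] for e in slow}) >= min_sources:
            out.append(_win(k, window_s))
    return out


def top_sources(events, window_iso, window_s=10, min_requests=10):
    """IPs with at least min_requests in the given window, e.g. to feed a filter.
    Caveat: for a true volumetric flood this list is often spoofed or too large
    to block at the edge, which is exactly when upstream scrubbing is needed."""
    key = int(datetime.fromisoformat(window_iso).timestamp()) // window_s
    counts = Counter(e["ip"] for e in bucket(events, window_s).get(key, []))
    return sorted(ip for ip, n in counts.items() if n >= min_requests)


def _line(ip, t, req, status, nbytes, rt):
    return f'{ip} - - [{t.strftime(TS_FMT)}] "{req}" {status} {nbytes} {rt:.3f}'


def build_sample_log():
    """Constructed log, not real traffic: 3 minutes of baseline, a volumetric
    flood at +60 s, and a slowloris-style attack whose connections open at
    +120 s and are logged when the 30 s server timeout expires at +150 s."""
    t0 = datetime(2024, 5, 30, 12, 0, 0, tzinfo=timezone.utc)
    lines = []
    for s in range(180):                       # baseline: 5 req/s from 20 clients
        for i in range(5):
            ip = f"10.0.0.{(s * 5 + i) % 20 + 1}"
            lines.append(_line(ip, t0 + timedelta(seconds=s),
                               "GET /portal/ HTTP/1.1", 200, 4210, 0.05))
    for b in range(50):                        # flood: 50 bots x 20 requests in 10 s
        for n in range(20):
            lines.append(_line(f"198.51.100.{b + 1}", t0 + timedelta(seconds=60 + n % 10),
                               "GET / HTTP/1.1", 200, 612, 0.010))
    for b in range(30):                        # low-and-slow: 30 bots, one held connection each
        lines.append(_line(f"203.0.113.{b + 1}", t0 + timedelta(seconds=150),
                           "GET /portal/login HTTP/1.1", 408, 0, 30.000))
    return lines


if __name__ == "__main__":
    events = [e for e in map(parse_line, build_sample_log()) if e]
    print("rate alerts:", rate_alerts(events))   # only the flood window
    print("slow alerts:", slow_alerts(events))   # only the slowloris window
    for w in rate_alerts(events):
        print(w, "heavy hitters:", len(top_sources(events, w)))
```

Running it shows the rate detector flagging only the flood window (about 1,050 requests against a baseline of 50 per window) and staying silent for the slowloris window, which adds just 30 requests but accounts for well over a quarter of the window's traffic and ties up 30 server connections for 30 seconds each. In production the thresholds should be derived from observed baselines rather than fixed, and the heavy-hitter list should be treated as input to a filter or scrubbing provider, not as a blocklist to apply blindly.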
For more detailed guidance and a list of resources, you can read the full HC3 document here. Many of the best practices detailed are industry agnostic. Your Framework Security team can assist with implementing these best practices if additional help is needed.