The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

HPH Sector Warned About Threat of DDoS Attacks by Pro-Russian Hacktivist Group

Posted By on Dec 29, 2022

The healthcare and public health (HPH) sector has been warned about the risk of cyberattacks by a pro-Russian hacktivist group dubbed KillNet, following a recent attack on a U.S. healthcare organization. KillNet is believed to have started operating around the time that Russia invaded Ukraine, between January and March 2022. Since then, the hacktivist group has targeted government institutions and private sector organizations in countries that are providing support to Ukraine, especially NATO countries.

KillNet primarily conducts distributed denial of service (DDoS) attacks. DDoS attacks involve flooding servers and websites with thousands of connection requests from compromised devices to deny access to legitimate users of those servers and websites. These attacks can last for several hours or even days, during which time the servers/websites will run slowly, with prolonged attacks causing outages that can last for several days. Generally, these attacks do not cause any major damage to hardware.

Members of the group have threatened to target organizations in the U.S. healthcare sector in response to the U.S. policy of providing support to Ukraine. Those threats include cyberattacks, data theft, and the publication of the health data of Americans. In December 2022, KillNet claimed responsibility for a cyberattack on a large U.S. healthcare organization that provides healthcare to members of the U.S. military and claims to have stolen a large amount of user data.

Members of the group have threatened to conduct attacks on organizations in other countries if their demands are not met. For instance, in response to the arrest of a suspected member of the KillNet group in Romania in May 2022, a member of the group threatened to target the UK Ministry of Health and claimed attacks would be conducted on life-saving ventilators in British hospitals.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

The Health Sector Cybersecurity Coordination Center (HC3) says the group has a tendency to exaggerate, so any claims made by the group should be taken with a pinch of salt. HC3 says it is possible that some of the claims made by members of the group have been to garner attention from the public and across the cybercriminal underground. That said, the group is considered to be a threat to government and critical infrastructure organizations, including organizations in the HPH sector. HC3 has suggested some practical steps for HPH sector organizations to take to mitigate the risk of DDoS attacks, which are detailed in the KillNet Analyst Note.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist