Increase in DOS Attacks Targeting Hospitals

4 min read

It's a sad reflection of our times that bad actors would use cyberattacks to disrupt operations or extort money from hospitals. Yet here we are. Despite early pandemic pronouncements, from an artificial high moral pedestal by prominent cybercriminal gangs, that they wouldn't target healthcare providers, it turned out that they did — with gusto! The attacks have continued post-pandemic. If anything, attacks against hospitals have increased this year. Ransomware is probably the biggest threat, but Denial of Service attacks are also now significant.

What is a Denial of Service Attack?

A Denial of Service (DoS) attack targets online servers and web applications with a large number of requests. This flood of network traffic and access requests overwhelms the servers that are delivering the service, and as a result, legitimate users cannot connect and perform the tasks they need to do.

In most DoS attacks, the disruptive requests come from a distributed network of dedicated network nodes that the criminals have built or, more often, from compromised devices that the bad actors are using illegally. This type of attack is called a Distributed DoS or DDoS, and the collection of compromised devices is called a Botnet.

DDoS attacks are typically short-lived, and direct disruption only occurs as attackers flood the network - typically for hours rather than days. Even so, having no access to critical healthcare systems can devastate patient care. And if systems are unavailable for a few hours, there will be a knock-on impact on patient care as treatments and procedures get rescheduled. Given that most hospitals are operating very close to capacity, any delays can have an effect that disrupts planned schedules for days or weeks.

Why Hospitals Are Targeted

In the case of DDoS attacks, hospitals are mainly being targeted in 2023 by Russian cybercrime gangs in response to the illegal invasion of Ukraine. As reported in The HIPAA Journal (see ref 1), the pro-Russian cybercrime group known as KillNet has been targeting hospitals with DDoS attacks in response to the U.S. support for Ukraine. This criminal gang has also targeted commercial organizations that have supplied equipment or aid to Ukraine, both in the U.S. and other countries.

Many "cyberattack as a service" platforms have been developed and made available by bad actors in the last few years. These allow people without the skills to create the attack software themselves to pay a service to attack organizations. A recent addition to this list of attack services is a DDoS as a Service platform called Passion (ref 2). Attackers used this Passion tool in January 2023 to target hospitals in the U.S. and European countries. The attacks were again targeting countries that supported Ukraine, and it was the KillNet group and probably some others.

The Health Sector Cybersecurity Coordination Center (HC3), which operates within the HHS Office of Information Security, issued an analyst note about the KillNet group's activities at the end of January (ref 3).

Some Recent Attacks

The hospitals targeted by DDoS attacks this year are spread across the country and range from small rural hospitals to larger city hospitals. Some examples of hospitals the KillNet gang targeted include:

  • Huntsville Hospital, Alabama
  • Anaheim Regional Medical Center, California
  • C.S. Mott Children's Hospital, Michigan
  • Buena Vista Regional Medical Center, Iowa
  • Heart of the Rockies Regional Medical Center, Colorado
  • Los Angeles Cedars-Sinai Medical Center, California
  • Duke University Hospital, North Carolina
  • Dartmouth Health Cheshire Medical Center, New Hampshire

This list is only a tiny sample for illustrative purposes. Many others got targeted, and if you are in a leadership role in a hospital, large or small, you should ensure that your cybersecurity team has anti-DDoS protections in place.

Stay Up to Speed Via Mike Hamilton’s Security Blast

Critical Insight has extensive experience advising and protecting rural and city hospitals of all sizes on defending their staff, patients, data, and systems from DDoS and other cyberattacks. In the section below, we provide a brief outline of our services. Before doing that, we want to highlight the weekday situational email update compiled by Critical Insight's CISO Mike Hamilton. The threat landscape we all face is dynamic, and it can be hard to see what news stories are important. Mike does the work, so you don't have to, and if you sign up for his blast email, you'll get the essential articles in your inbox as a curated list.

See to learn more and sign up.


Critical Insight CSaaS Team Are Here to Help You

Critical Insight's comprehensive CSaaS offering includes Incident Preparedness, 24*7 MDR, Incident Response, Vulnerability Scanning, Penetration Testing, and Regulatory Compliance assistance. By partnering with Critical Insight as your security partner and using our CSaaS, you have access to healthcare cybersecurity planning, defense, and rapid response experts who can work with your leadership team to prepare for and deal with your cybersecurity requirements and protection. All via pre-agreed and predictable budgets. See to read more.

To read more on how rural and other hospitals can use our services, visit our Cybersecurity Solutions for Rural Hospitals  page. Use the form below to reach out to us and chat with our experts about how we can partner with you to ensure your cybersecurity protects your hospitals from DDoS and other threats. So that you can focus on healthcare and make sure you're there to provide your community care when they need you. 



The HIPAA Journal: Pro-Russian Hacking Group Conducting DDoS Attacks on U.S. Hospitals -

Bleeping Computer: New DDoS-as-a-Service platform used in recent attacks on hospitals -

Health Sector Cybersecurity Coordination Center: Pro-Russian Hacktivist Group ‘KillNet’ Threat to HPH Sector (PDF Link) -