Health Sector at High Risk for COVID-19 TDoS Attacks

Cyber Advisory:

The NTIC Cyber Center assesses with high confidence that organizations within the Healthcare and Public Health Sector are at high risk of targeted and opportunistic cyber attacks exploiting the COVID-19 pandemic to disrupt operations, steal sensitive data, and generate illicit revenue for profit-motivated cyber threat actors.

Healthcare Sector Targeted

Over the past several years, Healthcare and Public Health Sector organizations have become increasingly attractive targets for cyber threat actors not only because of the treasure trove of sensitive personal and medical data collected and stored on their servers, but also because of the critical functions they perform. Unauthorized access of sensitive data and the disruption of operations can have a devastating and debilitating effect on those in need of the life-sustaining services these organizations provide. Historically, successful cyber attacks launched against organizations within this sector have resulted in stolen, inaccessible, or destroyed patient electronic health information, the unavailability of organization websites, servers, and email systems, disabled or disrupted telephone communications, and the cancellation or delay of scheduled medical procedures and other appointments.

COVID-19 Cybersecurity Risks Emerge

As the rapid emergence of COVID-19 within the US has already begun to place a strain on healthcare facilities, disruptive and destructive cyber attacks could potentially delay or cease critical services as the demand for COVID-19 testing and treatment increases. To reduce the risk of this scenario occurring, the NTIC Cyber Center urges cybersecurity professionals and IT administrators working in the Healthcare and Public Health Sector to take steps now to secure their networks and devices against cyber attacks.

TDOS is one of the top Cyber Threats Most Likely to Impact the Healthcare and Public Health Sector During the COVID-19 Epidemic

Telephony Denial-of-Service (TDoS): the attempt to make a targeted telephone system unavailable to legitimate incoming or outgoing calls by flooding it with call traffic or compromising a Voice-over-IP (VoIP) system. TDoS attacks are commonly launched against public safety answering points (PSAPs) and emergency call centers. An unintended TDoS condition can also occur when many people attempt to call a phone number at the same time, or a malicious mobile application generates a high volume of outgoing calls without the mobile phone user’s interaction.

• In 2018, security researchers assessed that it only takes approximately 6,000 smart phones to disable 9-1-1 emergency services or PSAPs.