How Boston’s Children Hospital survived an attack by Anonymous

Featured image

Share this article

How Boston's Children Hospital survived an attack by Anonymous

It is no secret that healthcare is a prime target for cybercriminals. During my trip to HIMSS 2017, I sat in to hear how Boston’s Children Hospital survived an attack by the hacktivist group, Anonymous.

One of the worst things that I can imagine a hospital staff wants to hear is that they are under a cyber attack. Its’ bad enough to be hacked, but it is even worse when the attacker is the infamous hacktivist group, Anonymous. Boston Children’s Hospital went through such an ordeal. Daniel Nigrin, SVP and CIO of the hospital recounts the tale.

What happened?

  • First warning of attack came on 03/20/2014 via external cyber intelligence group.
  • Details of external website and personal information of staff posted on twitter.
  • First attacks were low level DDOS occurred 3 weeks later. BCH respond, Anonymous group change tactics.
  • Easter/Patriot’s Day weekend, massive uptick in DDOS attack. Requested outside assistance. Malicious internet traffic as high as 28gb per second during this time.
  • Eventually news of the attack was covered in the press.
  • One week after high volume attack of DDOS, it just abruptly stopped.
  • Eventually external facing site were brought back online, but only after extensive 3rd party penetration testing.

How did Boston’s Children Hospital respond?

  • Hospital incident response team convened and formed contingency plan, going dark was consider a possibility.
  • Contacted the proper authorities.
  • Communicated with entire organization, emphasizing vigilance and email security best practices.

Lessons Learned

  • DDoS countermeasures are critical!
  • Know what systems (or features within systems) depend on Internet access, and have contingency plans for those
  • Recognize importance of email, and need for alternate forms of communication
  • Need to push through security initiatives – no excuses anymore
  • Securing teleconference meetings
  • Separating signal from noise
  • Most importantly As an industry, we’ve got to pay closer attention to these threats, and prioritize our efforts against them, far more than we have done in the past

Can it happen again?—The short answer is YES!!

The ordeal that Boston’s Children Hospital went through just reminds me that healthcare more than ever needs to step up its game. As an industry, healthcare is a prime target for cybercriminals. The data is immensely valuable and the means to protect it is still lacking. With the lessons shared by Bostons’ Children Hospital, we can begin to make positive step forward to a more secure future.

 

Try Paubox Email Suite for FREE today.
Author Photo

About the author

Phuong Tran

Phuong Tran is a Carnegie Mellon University-Heinz College graduate with a degree in healthcare policy and management. In his spare time he enjoys discovering new restaurants and playing basketball.

Read more by Phuong Tran

Get started with
end-to-end protection

Bolster your organization’s security with healthcare’s most trusted HIPAA compliant email solution

The #1-rated email encryption 
and security software on G2

G2 Badge: Email Encryption Leader Fall 2022
G2 Badge: Security Best Usability Fall 2022
G2 Badge: Encryption Momentum Leader Fall 2022
G2 Badge: Security Best Relationship Fall 2022
G2 Badge: Security Users Most Likely to Recommend Fall 2022
G2 Badge: Email Gateway Best Relationship Fall 2022
G2 Badge: Email Gateway Best Meets Requirements Fall 2022
G2 Badge - Users Most Likely to Recommend Summer 2022
G2 Badge: Email Gateway Best Results Fall 2022
G2 Badge: Email Gateway Best Usability Fall 2022
G2 Badge: Email Gateway Best Support Fall 2022
G2 Badge: Email Gateway Easiest To Use Fall 2022
G2 Badge: Email Gateway Easiest Setup Fall 2022
G2 Badge: Email Gateway Easiest Admin Fall 2022
G2 Badge: Email Gateway Easiest to do Business with Fall 2022
G2 Badge: Email Gateway Highest User Adoption 2022
G2 Badge: Email Gateway High Performer Fall 2022
G2 Badge: Email Gateway Momentum Leader Fall 2022
G2 Badge: Email Gateway Most Implementable Fall 2022
G2 Badge: Email Gateway Users Most Likely to Recommend Fall 2022