Healthcare websites being flooded with fake requests, HHS says

HHS' Health Sector Cybersecurity Coordination Center is warning healthcare organizations to look out for flood distributed-denial-of-service attacks that could shut down their websites.

A trusted third party told HC3 that the fake domain name server requests have been targeting providers since at least November, according to the April 7 notice. The threat actors aim to overload servers with a large number of nonexistent or invalid requests, slowing down the websites.

HC3 provided these mitigation recommendations from cybersecurity company Netscout:

  • Blackhole route or filter suspected domains and servers.
  • Implement domain-name-server response rate limiting.
  • Block requests from the client's IP address for a configurable period of time.
  • Be sure that cache refresh takes place, ensuring continuous service.
  • Lower the timeout for recursive name lookup to free up resources in the domain-name-service resolver.
  • Increase the time-to-live on existing records.
  • Apply rate-limiting on traffic to overwhelmed servers.

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.


Featured Whitepapers

Featured Webinars