The Cybersecurity and Infrastructure Security Agency said the recent attacks on U.S. hospitals and health system websites by Russian hacking group Killnet did not cause any significant damage, The Record reported Feb. 7.
A spokesperson for CISA told the news outlet that the DDoS campaigns deployed by Killnet on U.S. hospitals and health systems only disrupted public-facing websites, but there were no reports of unauthorized access to hospital networks, disruption to healthcare delivery or impacts on patient safety.
CISA said the hacking group boasted about the attacks on a Telegram channel and said Killnet had planned to attack hospitals in more than 25 states. But, according to the agency, less than half of the attacks were successful in taking down public-facing websites.
"Our regional personnel are working closely with our partners on the ground and we encourage all organizations — including state and local governments — to stay vigilant and to take steps to protect themselves," a CISA spokesperson said.
The agency said that it helped organizations mitigate DDoS attacks, particularly those launched by Killnet, throughout 2022.
The agency also said it has been working with tech companies to provide free resources to under-funded organizations that can help them reduce the impact of these attacks in particular.
Although DDoS are not expected to have any financial or operational effect on targeted hospitals, a Fitch report said these attacks could affect a hospital's financial profile and could negatively affect ratings, as these attacks are aimed at compromising service, which in turn could have hospitals lose out on money.
Since the attack, HHS has been warning healthcare organizations to stay vigilant and to have proper protections against DDoS campaigns.