By Rob Falbo, vice president of healthcare solutions, Imperva.
In most industries, an IT service outage can lead to lost revenue. In the healthcare industry, disruption of network or application services impacts critical patient care. In the past year, non-human web traffic spiked dramatically, a trend that should be concerning for any healthcare organization.
Research conducted by cybersecurity company Imperva found that, in 2022, 35.8% of all US healthcare website traffic came from bad bots. These are malicious, automated software applications capable of high-speed abuse, misuse, and attacks. What’s more concerning is that 27.1% of bad bots were classified as “advanced.” This breed of bot is capable of using the latest evasion techniques, closely mimicking human behavior to avoid detection.
With bad bot traffic continuing to rise across the globe, it’s critical for healthcare organizations to understand the potential threat bad bots pose and the steps they can take to mitigate it.
How Attackers Are Hitting the Healthcare Industry
In February 2023, the US healthcare industry was put on edge as a spate of distributed denial-of-service (DDoS) attacks were carried out against various healthcare organizations by the pro-Russian hacktivist group Killnet.
DDoS attacks are designed to overload a network with traffic, making it difficult, even impossible, for patients to access essential services. The attacks are carried out by a collection of bots or hijacked machines, known as a botnet. This enables the attackers to harness the power of many machines and obscure the traffic source. Since traffic is distributed, it is difficult for security tools and teams to detect that a DDoS attack is occurring until it is too late.