Boston Children's targeted in cyberattack

Boston Children's Hospital has come under multiple attacks over the Easter holiday after the activist hacker group Anonymous took up the cause of a girl placed in state custody, according to The Boston Globe.

The group is insisting the hospital fire a doctor who brought medical child-abuse charges against the girl's parents. However, there is no direct evidence implicating the group in the attack.

The distributed denial-of-service (DDoS) attacks aim to overwhelm the hospital's servers. Though the hospital has kept its main web page up--it's reportedly been down intermittently--others have been taken offline. Some patients and medical personnel have not been able to use their online accounts. Children's said that no patient data or its internal systems have been compromised.

Meanwhile, the website of the residential care facility where the girl was taken, the Wayside Youth & Family Support Network, has also come under attack. On a Twitter account allegedly associated with the group, it claims credit for overloading Wayside's website, reports Mass Device.

In a memo to employees Monday, Boston Children's CEO Sandra Fenwick said the hospital "received a direct, credible threat against our internal network, including staff and patient information," and that it had reported the threat to law enforcement.

The form of attack can disrupt workflow by denying access to cloud-based tools and resources. While servers can be insulated from such attacks, medical devices such as IV pumps and X-ray machines lack such protections, according to Mass Device.

It's a dicey form of protest, according to CSO, since it could cause a flood of false alerts or prevent an important alert from reaching a nurse.

"The systems deployed by healthcare organizations are so complex, so interconnected, and, sadly, so fragile, that someone from Anonymous--during the process of searching for information related to a given cause or working on a defacement--could inadvertently hurt somebody," the article says.

The FBI just warned the healthcare industry about its vulnerability to cyberattack. And Verizon's latest data breach report, issued this week, says healthcare is behind the curve compared with other industries' cyber preparedness.

To learn more:
- here's the Globe story
- read the Mass Device article
- check out the CSO piece