How Boston Children’s Hospital Survived an Attack by Anonymous · • Cat and mouse –we address...
Transcript of How Boston Children’s Hospital Survived an Attack by Anonymous · • Cat and mouse –we address...
![Page 1: How Boston Children’s Hospital Survived an Attack by Anonymous · • Cat and mouse –we address attack, they change tactic/increase volume • 1 week later, Easter/Patriot’](https://reader035.fdocuments.in/reader035/viewer/2022071218/6052064133ad020a70491569/html5/thumbnails/1.jpg)
1
How Boston Children’s Hospital Survived an Attack by
AnonymousSession CS2, February 19, 2017
Daniel Nigrin, MD, MS, SVP & CIO
![Page 2: How Boston Children’s Hospital Survived an Attack by Anonymous · • Cat and mouse –we address attack, they change tactic/increase volume • 1 week later, Easter/Patriot’](https://reader035.fdocuments.in/reader035/viewer/2022071218/6052064133ad020a70491569/html5/thumbnails/2.jpg)
2
Speaker Introduction
Daniel Nigrin, MD, MS
Senior Vice Presidentand Chief Information Officer
![Page 3: How Boston Children’s Hospital Survived an Attack by Anonymous · • Cat and mouse –we address attack, they change tactic/increase volume • 1 week later, Easter/Patriot’](https://reader035.fdocuments.in/reader035/viewer/2022071218/6052064133ad020a70491569/html5/thumbnails/3.jpg)
3
Conflict of Interest
Daniel Nigrin, MD, MS
Has no real or apparent conflicts of interest to report.
![Page 4: How Boston Children’s Hospital Survived an Attack by Anonymous · • Cat and mouse –we address attack, they change tactic/increase volume • 1 week later, Easter/Patriot’](https://reader035.fdocuments.in/reader035/viewer/2022071218/6052064133ad020a70491569/html5/thumbnails/4.jpg)
4
Agenda
• Case Study
– What happened?
– How did we respond?
– What did we learn?
– Could it happen again?
– Postscript
![Page 5: How Boston Children’s Hospital Survived an Attack by Anonymous · • Cat and mouse –we address attack, they change tactic/increase volume • 1 week later, Easter/Patriot’](https://reader035.fdocuments.in/reader035/viewer/2022071218/6052064133ad020a70491569/html5/thumbnails/5.jpg)
5
Learning Objectives:
– Explain what a hacktivist attack is
– Describe the hallmarks of a hacktivist attack and the demands from the attackers
– Illustrate how healthcare organizations can become targets of hacktivist attacks
– Explain how to work with law enforcement in response to the attack
![Page 6: How Boston Children’s Hospital Survived an Attack by Anonymous · • Cat and mouse –we address attack, they change tactic/increase volume • 1 week later, Easter/Patriot’](https://reader035.fdocuments.in/reader035/viewer/2022071218/6052064133ad020a70491569/html5/thumbnails/6.jpg)
6
A Shot Across Our Bow
• March 20, 2014 – notified by external cyber intelligence group about Twitter/Pastebin posting by Anonymous, threatening attack
• “d0x” of staff and presiding judge posted
• “Details” of BCH external web site posted
![Page 7: How Boston Children’s Hospital Survived an Attack by Anonymous · • Cat and mouse –we address attack, they change tactic/increase volume • 1 week later, Easter/Patriot’](https://reader035.fdocuments.in/reader035/viewer/2022071218/6052064133ad020a70491569/html5/thumbnails/7.jpg)
![Page 8: How Boston Children’s Hospital Survived an Attack by Anonymous · • Cat and mouse –we address attack, they change tactic/increase volume • 1 week later, Easter/Patriot’](https://reader035.fdocuments.in/reader035/viewer/2022071218/6052064133ad020a70491569/html5/thumbnails/8.jpg)
8
Was This the Real “Anonymous”?
• Convened Hospital’s Incident Response Team, began forming contingency plans
- Especially focused on potential need to “go dark”, cutting ourselves off from Internet if necessary
• Message to entire organization emphasizing vigilance, email security best practices
• Contacted authorities
![Page 9: How Boston Children’s Hospital Survived an Attack by Anonymous · • Cat and mouse –we address attack, they change tactic/increase volume • 1 week later, Easter/Patriot’](https://reader035.fdocuments.in/reader035/viewer/2022071218/6052064133ad020a70491569/html5/thumbnails/9.jpg)
9
About 3 weeks later: It Begins
• Low volume DDoS attack starts
• Cat and mouse – we address attack, they change tactic/increase volume
• 1 week later, Easter/Patriot’ Day weekend (Boston Marathon bombing 1 year anniversary)
— Massive uptick in DDoS volume
— Engaged 3rd party vendor to assist in filtering traffic
![Page 10: How Boston Children’s Hospital Survived an Attack by Anonymous · • Cat and mouse –we address attack, they change tactic/increase volume • 1 week later, Easter/Patriot’](https://reader035.fdocuments.in/reader035/viewer/2022071218/6052064133ad020a70491569/html5/thumbnails/10.jpg)
10
Internet Traffic During DDoS Attack
Nigrin, NEJM, July 31, 2014
![Page 11: How Boston Children’s Hospital Survived an Attack by Anonymous · • Cat and mouse –we address attack, they change tactic/increase volume • 1 week later, Easter/Patriot’](https://reader035.fdocuments.in/reader035/viewer/2022071218/6052064133ad020a70491569/html5/thumbnails/11.jpg)
![Page 12: How Boston Children’s Hospital Survived an Attack by Anonymous · • Cat and mouse –we address attack, they change tactic/increase volume • 1 week later, Easter/Patriot’](https://reader035.fdocuments.in/reader035/viewer/2022071218/6052064133ad020a70491569/html5/thumbnails/12.jpg)
12
Not Just DDoS…
• Direct penetration attacks on exposed ports, web sites
• Massive influx of malware laden emails
• Re-contacted authorities – advised no press!
![Page 13: How Boston Children’s Hospital Survived an Attack by Anonymous · • Cat and mouse –we address attack, they change tactic/increase volume • 1 week later, Easter/Patriot’](https://reader035.fdocuments.in/reader035/viewer/2022071218/6052064133ad020a70491569/html5/thumbnails/13.jpg)
![Page 14: How Boston Children’s Hospital Survived an Attack by Anonymous · • Cat and mouse –we address attack, they change tactic/increase volume • 1 week later, Easter/Patriot’](https://reader035.fdocuments.in/reader035/viewer/2022071218/6052064133ad020a70491569/html5/thumbnails/14.jpg)
14
![Page 15: How Boston Children’s Hospital Survived an Attack by Anonymous · • Cat and mouse –we address attack, they change tactic/increase volume • 1 week later, Easter/Patriot’](https://reader035.fdocuments.in/reader035/viewer/2022071218/6052064133ad020a70491569/html5/thumbnails/15.jpg)
15
![Page 16: How Boston Children’s Hospital Survived an Attack by Anonymous · • Cat and mouse –we address attack, they change tactic/increase volume • 1 week later, Easter/Patriot’](https://reader035.fdocuments.in/reader035/viewer/2022071218/6052064133ad020a70491569/html5/thumbnails/16.jpg)
16
It Ends
• About 1 week after high volume DDoS started, it abruptly declined, to a low trickle
• Only gradually brought externally facing sites back online, after extensive 3rd party (re)penetration testing
• Took a deep breath!
![Page 17: How Boston Children’s Hospital Survived an Attack by Anonymous · • Cat and mouse –we address attack, they change tactic/increase volume • 1 week later, Easter/Patriot’](https://reader035.fdocuments.in/reader035/viewer/2022071218/6052064133ad020a70491569/html5/thumbnails/17.jpg)
17
Out of all bad things...…good things come
![Page 18: How Boston Children’s Hospital Survived an Attack by Anonymous · • Cat and mouse –we address attack, they change tactic/increase volume • 1 week later, Easter/Patriot’](https://reader035.fdocuments.in/reader035/viewer/2022071218/6052064133ad020a70491569/html5/thumbnails/18.jpg)
18
![Page 19: How Boston Children’s Hospital Survived an Attack by Anonymous · • Cat and mouse –we address attack, they change tactic/increase volume • 1 week later, Easter/Patriot’](https://reader035.fdocuments.in/reader035/viewer/2022071218/6052064133ad020a70491569/html5/thumbnails/19.jpg)
19
What Did We Learn
• DDoS countermeasures are critical!
• Know what systems (or features within systems) depend on Internet access, and have contingency plans for those
• Recognize importance of email, and need for alternate forms of communication
• Need to push through security initiatives – no excuses anymore
• Securing teleconference meetings
• Separating signal from noise
![Page 20: How Boston Children’s Hospital Survived an Attack by Anonymous · • Cat and mouse –we address attack, they change tactic/increase volume • 1 week later, Easter/Patriot’](https://reader035.fdocuments.in/reader035/viewer/2022071218/6052064133ad020a70491569/html5/thumbnails/20.jpg)
20
And Most Importantly
As an industry, we’ve got to pay closer attention to these threats, and prioritize our efforts against them,
far more than we have done in the past
![Page 21: How Boston Children’s Hospital Survived an Attack by Anonymous · • Cat and mouse –we address attack, they change tactic/increase volume • 1 week later, Easter/Patriot’](https://reader035.fdocuments.in/reader035/viewer/2022071218/6052064133ad020a70491569/html5/thumbnails/21.jpg)
21
Postscript: Could it happen again?
![Page 22: How Boston Children’s Hospital Survived an Attack by Anonymous · • Cat and mouse –we address attack, they change tactic/increase volume • 1 week later, Easter/Patriot’](https://reader035.fdocuments.in/reader035/viewer/2022071218/6052064133ad020a70491569/html5/thumbnails/22.jpg)
22
Postscript #2
You can’t make this stuff up
![Page 23: How Boston Children’s Hospital Survived an Attack by Anonymous · • Cat and mouse –we address attack, they change tactic/increase volume • 1 week later, Easter/Patriot’](https://reader035.fdocuments.in/reader035/viewer/2022071218/6052064133ad020a70491569/html5/thumbnails/23.jpg)
23
Postscript #2
![Page 24: How Boston Children’s Hospital Survived an Attack by Anonymous · • Cat and mouse –we address attack, they change tactic/increase volume • 1 week later, Easter/Patriot’](https://reader035.fdocuments.in/reader035/viewer/2022071218/6052064133ad020a70491569/html5/thumbnails/24.jpg)
24Newsweek.com, October 21, 2016
Postscript #3
![Page 25: How Boston Children’s Hospital Survived an Attack by Anonymous · • Cat and mouse –we address attack, they change tactic/increase volume • 1 week later, Easter/Patriot’](https://reader035.fdocuments.in/reader035/viewer/2022071218/6052064133ad020a70491569/html5/thumbnails/25.jpg)
25
![Page 26: How Boston Children’s Hospital Survived an Attack by Anonymous · • Cat and mouse –we address attack, they change tactic/increase volume • 1 week later, Easter/Patriot’](https://reader035.fdocuments.in/reader035/viewer/2022071218/6052064133ad020a70491569/html5/thumbnails/26.jpg)
26
Daniel Nigrin, MD, MS
SVP & CIO