- This topic has 6 replies, 5 voices, and was last updated 6 months, 1 week ago by
.
-
Posts
-
-
Case study 5: Singapore public health services hit by DDoS attacks
1. Provide a brief description of the story.
Brief description of DDoS attacks in Singapore public health services
The “DDoS” attacked happened in Singapore public health services. This attack is an attempt to disrupt or shut down the functioning of targeted server, service, or network. This attack disrupted to interconnectivity affecting all public healthcare clusters in Singapore on 3rd November 2023 (Wednesday), taking seven hours long. During that time, websites, email and productivity tools for staff couldn’t access these services. So, their users had reported this error when trying to access the websites of some public healthcare institutions, such as Singapore General hospital, National University Hospital and Tan Tock Seng Hospital, according to local media. Synapxe said, it was being maintained the work of critical system needs to provide clinical services at the public healthcare institution including access to patient records.
2. What is/are the impact of this data breach? Consequences of the data breach.
The impact of the attack was the healthcare services effecting on around 46 public healthcare institutions and 1400 community partners and users could not access the healthcare information such as public healthcare websites, email and productivity tools. It was happening for seven hours long. The consequences of the attack occurring in health services agency also couldn’t access the whole process of healthcare system.3. How did the data breach occur?
DDoS attacks represent a major problem for all internet sites, efforts to develop effective preventive and defensive strategies are continuing.
Against the DDoS, they are very difficult to be defended, if the attack comes from a large number of different sources at the same time. In the public health crisis, it might occur the overwhelming number of legitimate public requests for service to public health web sites.4. What should be the main cause of the data breach? Provide a brief explanation of the cause of data breach, such as phishing, ransomware, HIPAA violation, database misconfiguration, human error, third-party vendor error)?
The main cause of the attack was “DDoS”. It hasn’t known who attacks of DDoS yet. I think this is human typing error (Because even unauthorized users can attempt to gain access to a system, a large number of such attempts can effectively preclude usage by everyone) or HIPAA violation. HIPAA privacy rule requires patient consent for disclosure of identifiable records of medical care with certain exceptions. HIPAA says that covered entities “may” provide information to public health, it does not require them to do so. The Institute of Medicine observed that the Privacy Rule “impedes the conduct of important health research”. In many cases these negative impacts are due to misunderstanding of HIPAA by providers, but the effects are real, nevertheless.
5. How could you prevent this data breach attack?
Preventing DDoS attacks can be challenging, distributed network architecture. Attack surface reduction is limiting can help minimize the effect of DDoS attack. Some of attack surface reduction methods are restricting traffic to specific locations, blocking communication of unused ports, and applications. The designers of public health information system must provide alternate access paths that can be activated in emergencies. And must have a backup emergency Internet connection through an alternate Internet service provider. Only official personnel should be informed of this backup address. Using a content delivery network (CDN) to cache resources can reduce the strain on an organization’s servers and make it more difficult for them to become overloaded by both legitimate and malicious requests. Rate limiting can be used to prevent DDoS attacks that use botnets to spam an endpoint with an abnormal number of requests at once. One of DDoS prevention tool is Web application Firewall (WAF) helps block attacks by using customizable policies to filter, inspect, ad block http traffic between web application and the internet.Reference
https://therecord.media/singapore-public-health-services-ddos-attack
https://www.cloudflare.com/learning/ddos/how-to-prevent-ddos-attacks/ -
Preventing DDoS attacks is quite challenging. Blocking unused locations, and unused ports, WAF are insightful methods for me because, in this way, we can minimize the traffic. I am curious about the limitations of web application firewalls like, “How much traffic can a WAF handle effectively in maximum?”
-
Thank you for your suggestion and discussion. Let me address your question so that I understand it.
The effectiveness of a Web Application Firewall (WAF) depends on its configuration and the specific solution in use. The maximum traffic that a WAF can handle effectively varies based on the particular implementation and the capacity of the underlying infrastructure. I found a website that describes it as follows: “UltraWAF is built upon our DDoS infrastructure, which can handle up to 15+Tbps of traffic. This ensures our service can support a significant amount of traffic to meet your needs.”
You can find the reference at https://sourcedefense.com/glossary/limitations-of-waf/ -
-
-
-
-
-
You must be logged in to reply to this topic. Login here