The websites of EHR software providers Athenahealth and Allscripts were down for some parts of the country Friday during the same time hackers launched an attack against the servers of Dyn, a major Domain Name System host.
Twitter, Spotify, Reddit, and Shopify were down most of Friday morning and afternoon, but healthcare companies seemed to be largely unaffected.
Dyn posted on its website Friday that it experienced an attack early that morning but restored services a few hours later. A second attack occurred around 11 a.m. Central time. Dyn is still investigating and mitigating the attacks, it said.
A spokeswoman for web-based EHR provider Athenahealth said that while its customer-facing retail site was down, none of its EHR software clients have reported problems.
“DYN has many large customers across the U.S. who were affected, including Amazon, Twitter, Spotify and many others,” said Victoria Gavaza, Athenahealth spokeswoman, adding the issue was not related to Athenahealth servers or back-up servers. Athenahealth also said its data is “maintained intact and secure” and “backed up constantly” when there's an issue with the internet.
Robert Tennant, director of health information policy for the Medical Group Management Association, a trade association for managers of physician office-based practices, said the organization hasn't heard of any members dealing with issues related to the internet outage. But he said Friday's cyberattack against Dyn is a reminder to healthcare practices that they need to prepare for instances when medical data isn't available.
Before internet outages even occur, practices should understand how medical files will be affected. Will files be accessible by clinicians? Will data entered manually be backed up, or could it potentially be lost?
“It reminds practices that they need to be diligent, for example, in having somebody or some technician or firm that they can call in and assist them as part of their disaster recovery plan required under HIPAA,” Tennant said. “Our members for the most part are not technical experts, so they want to get their vendors to explain and provide assurances that there will not be any negative impact” when an internet outage occurs.
Friday's malware hack is called Mirai, according Michael “Mac” McMillan, the CEO and co-founder of CynergisTek, an Austin, Texas-based security firm.
That's the same malignant code that was used last month to paralyze the popular KrebsonSecurity.com blog in what's called a Distributed Denial of Service attack.
The malware first scours the so-called Internet of Things, which is made up of millions of computerized and internet-connected devices that range from coffee pots to security cameras to door locks.
“Most have very little to no security on them,” McMillan said. So it's easy for the malware to penetrate these small computers and recruit them into an army of digital storm troopers called a botnet.
Then, the hacker leader “turns them into an attack platform,” McMillan said. “They begin to send traffic at whatever the target address is and overwhelms and crashes it, and anyone that's connected to it loses their connectivity.”
According to a cybersecurity arm of the Homeland Security Department, the Mirai author claimed “over 380,000 IoT devices were enslaved by the Mirai malware in the attack on Krebs's website.” A Mirai legion of devices is capable of pummeling a target site with as much as 1.1 terabits of data per second.
McMillan said “only a few” of his customers, all small hospitals with downed web-based EHRs from Athenahealth, contacted him. But even for those hospitals with so-called “legacy” EHRs that run on the hospital's own computers, an average of about 30% of their information technology infrastructure is hosted by an outside company and provided over the internet.
“Right now,” McMillan said, “there is very little defense.” So, the key is preparedness for these sorts of attacks, just as organizations must do for downtime due to more conventional means, such as power outages and hardware malfunctions, he said.
Modern Healthcare reporter Joseph Conn contributed to this report.