Increasing reports of Telephony Denial of Service (TDoS) attacks targeting health centers and hospitals have caught the attention of law enforcement. TDoS is essentially a Denial of Service (DoS) attack that disables a telephone system. These types of attacks are simple and relatively unsophisticated but the possibility that such attack could interfere with the efficient operations of a hospital or emergency room, raises grave concerns. The FBI Cyber Division issued a notification last week warning healthcare and public health employees, in particular, to be aware of this growing threat.
The TDoS Attack “M.O.”
The “modus operandi” for the cyber criminals perpetrating the attacks that have been reported seems to be a variation of a pay day loan scam that has been popular for a few years. In most reported cases the attack goes like this:
- A hospital or healthcare facility receives a call asking to speak with an employee.
- The employee is threatened with some type of overdue bill or unpaid debt and asked for personal and financial information.
- When the employee refuses to comply, computer generated calls to the phone system begin and quickly take down the system not allowing calls to be made or received.
Calls come from “spoofed” telephone numbers making it appear initially that the call is coming from another legitimate business. The caller usually has a thick accent and does not identify himself. Once the extortion attempt fails and the TDoS attack is launched, it can last for several hours.
The Warning to Hospitals and Healthcare Employees
The FBI asks hospitals and health care facilities to take steps to prevent such an attack and to be prepared in case they become the victim of an attempt.
- Plan your response with your service provider and 911 equipment vendor.
- Ensure that Public Safety Officials have access to direct contact information for key personnel to be reached in the event of an attack.
- Isolate critical phone lines such as incoming 911 calls to prevent an overload of non-critical lines from rolling over to emergency lines.
- Train employees to be alert to this scheme and remind them to be vigilant in protecting sensitive business information and the PII (personally identifiable information) of patients as well as their own.
If your facility or organization finds itself the target of a TDoS attack, the FBI asks that you take steps to collect critical evidence.
- Make a voice recording of calls that come in before, during, and after the attack. Also retain call logs and IP logs.
- Record any information that can be gathered from the caller such as the incoming telephone number, the alleged debt or account that is to be paid such as the account name and/or number, etc.
The FBI has released this industry-wide notification in an attempt to warn potential victims and to gather more information that may help find those responsible. Report a TDoS attack to authorities right away. Contact the FBI’s Internet Crime Complaint Center at www.ic3.gov with the keywords TDoS, PSAP, and Public Safety. Please be sure to also file a report with local authorities.