The challenge

Objective

Our client, a leading UK healthcare provider, needed urgent assistance to minimise disruption and losses in response to a distributed denial of service (DDoS) attack.

Outcome

We provided immediate integrated security, building a more resilient business for our client.

Results that matter

• Our client now has greater, more resilient security that detects, protects and responds to any future attacks more effectively
• No financial losses were incurred (such as ransom payments or legal damages) due to our successful defence of the attack
• Our client’s website was fully up and running, with all online services available, within 24 hours of the attack

6point6 set a high standard with this project, which the client hopes to see replicated in other geographies. To arrive at the end goal, we ensured the best use of resources was made, for example the identification of already existing technical controls that would satisfy the demands of the UK market. This, combined with our tried and tested methodologies and project management approach, helped to make the whole process extremely efficient.

Healthcare sector faces escalating cyber threats

Organisations in the healthcare sector have become increasingly attractive targets for cyber attackers. During the pandemic, the increase of ransomware attacks in particular was concerning, and was dubbed “healthcare’s next emergency”. 

Our client, a leading UK healthcare provider, was the victim of a distributed denial of service (DDoS) attack. A ransom was required to get the service back up and running and without capability to react to such an attack, the website had to be taken offline.

We successfully transitioned our client’s website to a cloud-hosted platform overnight and maintained vigilant oversight, expertly identifying and neutralising all potential cyber threats until we ensured a secure and stable website environment.

Website services restored in 24 hours

Having outlined the best path to recovery, we moved swiftly to relocate our client’s website to a cloud-hosted platform, protected by cloud-based firewalls.

The website and all related services were restored within 24 hours.

However, as is typical in these cases, the attack continued to persist. Our team therefore continued monitoring the site and responding to the evolving tactics of the threat actor. Within four days of the site being restored, the attack abated.

Winning the DDoS cat-and-mouse game

DDoS attacks are a game of cat-and-mouse. As you block one door, the attackers look to find another. Having Barracuda cloud-based firewalls and Azure hosting infrastructure allowed us to adapt our response in real time, adjusting mitigating controls throughout the attack. 

Our response allowed our client to keep their website live and maintain all services available through the site. In addition, because the attack was properly defended, they did not have to pay the demanded ransom.

In our experience, incidents like these DDoS attacks are the norm rather than the exception. Organisations may think they have adequate security in place, but in most cases off-the-shelf products are just not enough to protect against devious attackers whose full-time job is finding and exploiting weaknesses. 

With so much at stake, regular reviews of security strategies and controls alongside the input of security experts are vital to building cyber resilience. An intelligence-led approach helps organisations to unearth future threats, be better prepared for attacks and build the necessary capabilities to respond quickly and effectively to a security incident.

Learn more about our cyber security approach.