Question: I keep hearing about denial-of-service attacks in the news, but I have a tough time believing someone would launch one at a hospital or outpatient practice. Should our practice be prepared for a denial-of-service attack? Michigan Subscriber Answer: Distributed denial-of-service (DDoS) attacks are a real threat for any industry, including healthcare. Each network has certain capacity limitations, and a DDoS attack sends multiple requests to certain resources. The repeated requests can eventually exceed the capacity limits and prevent the network from functioning properly. The main purpose of a DDoS attack is to disrupt systems, but they can also be a ruse to distract IT departments while a security breach occurs. Typical DDoS targets include e-commerce websites, online casinos, and businesses that depend on delivering online services. These targets are often random victims of DDoS attacks. However, since hospitals face more pressure to maintain their services and protect their patients’ data, healthcare services are usually intended targets — and they may even end up paying ransoms after the initial DDoS attack. With millions of patient records breached every year, practices need to implement strong defenses against DDoS attacks. Web application firewalls can help protect published web apps, collect data to identify emerging threats, block or challenge IP addresses, and use reputation-based threat protection. Additionally, an incident response plan will help your organization respond to a threat and restore data efficiently.