
DDoS Attacks in IoT Based Healthcare Systems


Internet of Things (IoT) is a versatile technology that has the potential to transform lives of the people due to the plethora of benefits it provides to users. Healthcare system based on IoT which is mostly referred to as smart healthcare is one of the IoT applications. Industrialization and technological advancements have made our lives comfortable but the pollution caused by them has become a prominent reason for chronic health problems all over the world. Smart healthcare uses the property of ubiquitous coverage of IoT for remote monitoring of patients by collecting data through medical devices embedded with sensors.

Medical devices are becoming attack surfaces for hackers due to the confidential personal information that is being transferred through these devices. It is mandatory to protect these devices from attackers as any kind of breaching can be fatal and in serious cases may even lead to death. Maintaining the privacy of a patient becomes a fundamental requirement when the patient is involved with some secret missions of Government or defense services.

Readily available IoT devices come with insecure compositions or may possess only some short-term defense mechanism. Small size, low storage, and limited communication bandwidth restrict the implementation of heavyweight security algorithms directly on the medical sensors. Wireless connectivity and data storage on the cloud add to the security risks involved with IoT.

Security mechanisms are required to ensure better medical services using smart healthcare systems. Some of the attacks on IoT health care include routing attacks, Distributed Denial of Service (DDoS), fingerprint and timing-based snooping, and sensor attacks. This article describes DDoS, its effects, and a few available solutions to mitigate the effect of this attack.

Distributed Denial of Service Attack (DDoS)

In a DDoS attack, the attackers overwhelm a server or cluster with requests to disturb regular traffic flow to the victim’s server or network. An attacker can use many compromised systems to target a single system to cause a denial of service which may lead to a system crash. Using malicious botnets is one of the commonly used methods for initializing this attack. A flooding attack is a kind of DDoS attack that uses HELLO messages in the network to increase traffic thereby causing unavailability of links for routing.

A malicious node introduced by the attacker sends a HELLO message to all the neighbors. These malicious nodes exhibit high routing metrics, due to which the neighboring nodes tend to select the malicious node as a parent node. All the information on the routing path thus passes through the malicious node, which increases the transmission time of data packets and exhausts the energy of the nodes.

IoT networks of smart healthcare systems use servers for the live monitoring of patients. The healthcare applications require the continuous availability of networks. DDoS attacks tend to disturb the normal functioning of the network by using compromised devices which can therefore make life-saving operations difficult. The system channel becomes busy due to which it is unable to pass any other information.

Wearable or medical IoT devices worn by the patients can be used by doctors to keep a record of some of the vital health parameters like heartbeat, pulse rate, respiration rate, blood pressure, temperature, electrocardiogram (ECG), etc. These parameters get updated at regular intervals and thus can be helpful for the doctors to notify the patients in case of emergencies.

As the doctors can handle their patients remotely, people can stay at home rather than at hospitals or nursing homes, which is why it is considered a cost-effective health solution. Malicious attackers can disrupt the functioning of hospitals by hijacking electronic health records or by launching some malware.

Attackers may gain unauthorized access to the patient’s data, tamper with it, and send false information about the patients. They can alter the values of blood tests, urine tests, or any other medical test and transmit these altered values, which may cause the doctors to take wrong decisions while treating the patients. Modification of data by attackers can thus lead to false treatment or a false emergency call to the doctors, and can be life-threatening in some conditions.

Mitigation of DDoS

DDoS attacks can be avoided by setting threshold values for the buffer utilization of the server and the Time to Live (TTL) value of arriving packets. A server is suspected to be under DDoS attack if the buffer utilization is recorded to be greater than the threshold. When a data packet is sent from source to destination node, its TTL value keeps on decrementing as it passes through each node.

A threshold value for TTL is calculated according to the distance of legitimate users from the server. If the arriving packets have TTL values lower than the threshold, the packets are discarded, as it is estimated that packets with a low TTL might be coming from a far geographical location or might have arrived from the attacker nodes, due to which they needed more time.
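The two thresholds described above can be sketched as follows. This is an added example, not code from the article or the papers it draws on. It assumes the TTL check is enforced only while buffer utilization is over its threshold, and it goes slightly beyond the text by estimating hops from common initial TTL values (64, 128, 255) so that senders with different starting TTLs are compared fairly. All names and sample values are constructed.

```python
from dataclasses import dataclass

# Assumption: initial TTLs set by common IP stacks, used to estimate hops travelled.
COMMON_INITIAL_TTLS = (64, 128, 255)

def hops_travelled(observed_ttl):
    """Nearest common initial TTL at or above the observed value, minus the observed value."""
    if not 1 <= observed_ttl <= 255:
        raise ValueError(f"invalid TTL {observed_ttl}")
    return min(t for t in COMMON_INITIAL_TTLS if t >= observed_ttl) - observed_ttl

@dataclass
class TtlBufferFilter:
    max_legit_hops: int      # farthest legitimate user from the server, in hops
    buffer_capacity: int     # packets the server buffer can hold
    buffer_threshold: float  # utilization above which an attack is suspected
    queued: int = 0

    def suspected(self):
        return self.queued / self.buffer_capacity > self.buffer_threshold

    def admit(self, observed_ttl):
        """Return True if the packet is queued, False if it is discarded."""
        # Assumption: the TTL check applies only while the buffer is over threshold.
        if self.suspected() and hops_travelled(observed_ttl) > self.max_legit_hops:
            return False
        if self.queued >= self.buffer_capacity:
            return False  # buffer full: nothing more can be accepted
        self.queued += 1
        return True

def simulate(ttls, filt, drain_every=4):
    """Feed arrivals in order; the server finishes one packet every drain_every arrivals."""
    admitted, dropped = [], []
    for i, ttl in enumerate(ttls, 1):
        (admitted if filt.admit(ttl) else dropped).append(ttl)
        if i % drain_every == 0:
            filt.queued = max(0, filt.queued - 1)
    return admitted, dropped

# Constructed sample: nearby monitoring devices, then a burst from distant senders.
LEGIT = [60, 58, 124, 61, 250, 59]                  # 3 to 6 hops away
FLOOD = [41, 39, 103, 44, 38, 40, 42, 37, 43, 36]   # 20 or more hops away

if __name__ == "__main__":
    ok, bad = simulate(LEGIT + FLOOD, TtlBufferFilter(10, 10, 0.5))
    print("admitted:", ok, "discarded:", bad)
```

Both thresholds are site-specific and should be measured from normal traffic. Because the sender chooses the initial TTL, this is a coarse filter to use alongside the other measures rather than as a sole control.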

Another method that can be used to reduce the effects of DDoS is using smart e-health gateways for secure authentication and authorization. In smart healthcare applications, gateways serve as a bridging point that performs the task of translating protocols exchanged between the internet and sensor networks. The role of a smart gateway can be regarded as that of an embedded server, due to its capability to provide temporary storage for the medical sensors’ information and to process the stored information locally.

Authentication and authorization tasks of centralized servers can be distributed to smart gateways. If the adversary performs a DDoS attack on a smart health network at the hospital or home to compromise a smart gateway, only the associated medical sub-domain will be affected. The change of architecture from a centralized to a distributed approach makes the healthcare system more resilient to DDoS attacks and at the same time provides more scalable and reliable end-to-end security.

Some of the measures to be adopted by the health care organizations to mitigate DDoS attacks are:

  • Regular monitoring and scanning of vulnerable and compromised devices on the network to facilitate early implementation of remedial measures.
  • Some password management policies should be maintained in which strong passwords and their regular updates will be mandatory for the users.
  • Antivirus software should be installed on IoT devices and their updates should be monitored.
  • Operating systems for the computer systems and mobiles used in the healthcare networks should have the latest security updates installed on them.
  • Restricting incoming and outgoing traffic in the networks by installing firewalls.
  • Segmentation of networks and applying security controls to access these segments.
  • Universal plug-and-play on routers should be allowed only when it is required.


Health care organizations should endorse protection mechanisms for all devices to reduce the possibilities of cyberattacks. The destruction caused by DDoS attacks not only crashes the server but leads to a loss of trust among the users regarding the smart healthcare technology. It is therefore essential that the device manufacturers should be able to evaluate the new security threats that may arise with the advancement in technologies. All the medical devices should be equipped with novel defense strategies to provide cost-effective and reliable service to the users.


Dr. Anjum Sheikh Qureshi

Assistant Professor,

Rajiv Gandhi College of Engineering Research & Technology, Chandrapur


