As Russia’s war on Ukraine began, the American Hospital Association (AHA) issued a warning to hospital systems to be beware of the potential for cyberthreats to escalate. On July 6, the Cybersecurity and Infrastructure Security Agency along with the FBI and the Department of the Treasury circulated an alert about North Korea-based computer hackers who had been targeting the industry for more than a year. In November 2021, the U.S. Cybersecurity and Infrastructure Agency had also issued a warning highlighting malicious activity from a group connected with the government of Iran.Andrew Hollister, chief security officer at security information and event management technology vendor LogRhythm and vice president at LogRhythm Labs, said, “As evidenced by both the volume of attacks reported in the press as well as the initiatives being taken by various agencies within the U.S. government, the climate for cyberattacks, unfortunately, continues to be very favorable.”

Photo by Marek Levak from Pexels

Hollister continued, “Historically, we have used the fact that a cyberattack occasionally made an appearance in mainstream media as a signal that a threshold had been crossed, or that something of particularly virulent or pernicious nature had been released. However, today we see cyberattacks in the mainstream media almost every day, which gives us an indication of the alarming state of the current threat landscape.”As far as considering why nation-state attackers prioritize U.S. hospital systems and other major healthcare providers as targets, Hollister responded, “One of the major reasons why healthcare is such a target is due to the unique and complex nature of those environments. Healthcare providers may hold vast amounts of personal information, payment information, as well as medical research. Additionally, they may run on multiple physical locations or even campuses and operate both corporate networks as well as healthcare-specific devices, some of which may be connected to people. Complexity is the enemy of security, in which simply gaining an overall picture of the assets and their risk posture is a significant task, and that’s before considering the data that is held by the organization.”Some of the measures healthcare entities can initiate including identifying weaknesses in internal systems so that these can be addressed and better secured against threats going forward.Hollister suggests, “Everything starts with understanding the basics and doing them flawlessly. For example, the Center for Internet Security and the SANS Institute have developed Critical Security Controls. Just the basic implementation of these controls has been shown in some studies to be capable of thwarting 85% of cyberattacks. Yet organizations continue to fail to implement the most basic controls around asset and software management, identity and vulnerability management, and things such as multi-factor authentication.”However, prevent measures may not be sufficient, he noted, saying, “Organizations ultimately require something beyond preventative security. The industry widely accepts that it’s when, not if, you will experience a cyberattack that breaches your defenses, and thus detection and response capabilities are critical in securing an organization against threat actors with either the resources or backing of a nation-state.”While the threats themselves cannot be stopped, the way hospital systems respond – how quickly and the measures taken – can make all the difference. It’s important to keep patient files confidential and disseminating information about an attack to patients when one occurs is essential. Then, new protocols and procedures should be put into place to better protect against future threats.

Sources:

Cyberwarfare against health systems: The nation-state threatThird-Party, Cyber-Risk Skyrockets for Health Systems Ransomware Attacks on Hospitals Have Changed