Now that the build-up of Russian troops on the border of Ukraine has progressed into a full invasion, warnings have been issued about the elevated threat of cyberattacks on organizations in the United States and other countries that have imposed economic and military sanctions on Russia.
Russia has a history of using destructive cyberattacks on its adversaries. In 2015 and 2016, the Russian General Staff Main Intelligence Directorate (GRU) conducted cyberattacks on the Ukrainian electricity grid, the Ukrainian financial, energy, and government sectors were targeted in a series of cyberattacks in 2017, and 2017 also saw the use of the NotPetya wiper in attacks on Ukrainian businesses. In January this year, a wiper malware dubbed WhisperGate was used in attacks on the country, and Distributed Denial-of-Service DDoS attacks have recently been reported, along with the use of a new wiper malware in the past few days. Russia was also behind a series of disrupted attacks on Georgia in 2019.
This week, FBI Cyber Section chief David Ring reportedly briefed private executives and state/local officials about the increased threat of ransomware attacks from hacking groups backed by Russia and urged them to consider how critical services could continue to be provided in the event of an attack. There is also concern that recent DDoS attacks in Ukraine could be extended to NATO members and other foreign targets and pro-Russia hacking groups increasing their attacks on organizations in countries that are showing support for Ukraine.
CISA recently issued a “Shields Up” warning to critical infrastructure entities in the United States due to the elevated risk of destructive cyberattacks. CISA urged all organizations to take a proactive approach to defend their digital environments, and the Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) has issued a warning about the use of misinformation, disinformation, and malinformation (MCD) tactics to shape public opinion, undermine trust, amplify division, and sow discord, which could undermine security in the United States.
On February 23, 2022, the American Hospital Association (AHA) issued a warning to hospitals and health systems that they may be directly targeted by Russian-sponsored cyber actors, become incidental victims of Russian-deployed malware and destructive cyberattacks, and that those attacks have the potential to disrupt the mission-critical service providers of hospitals. While hospitals and health systems may not be the primary targets of cyberattacks, there is still potential for collateral damage, as was the case with the spillover of the NotPetya wiper malware attacks in Ukraine in 2017, which spread globally and disrupted operations at a large U.S. pharmaceutical company, a major U.S. health care communications company, and several U.S. hospitals.
Hospitals and health systems have been advised to review the security alerts published by CISA, the FBI, NSA to better understand the threats they face and implement the recommended mitigations to prepare for possible attacks, enhance their cyber posture, and increase organizational vigilance. The Health Information Sharing and Analysis Center (Health-ISAC) has said it will be increasing its reports and intelligence for its members and will provide strategic analysis and information about the implications of the Russia-Ukraine conflict on the healthcare industry and pharmaceutical firms.
The post Hospitals and Health Systems Warned of Elevated Risk of Destructive Cyberattacks appeared first on HIPAA Journal.