
Cyberwar against the health system: A nation-state threat



While criminal organizations and chaos actors are responsible for a significant percentage of ongoing cyberattacks on organizations’ data and information systems, another growing threat comes from nation-state perpetrators.

For example, earlier this year, when Russia’s war with Ukraine began, the American Hospital Association issued warnings to hospitals and health systems to remain vigilant against cyberattacks as the conflict escalates.

On July 6, the Cybersecurity and Infrastructure Agency, along with the FBI and Department of the Treasury, issued a warning about North Korean-sponsored hackers that have been targeting the medical and public health sectors in the US for more than a year.

And the US Infrastructure and Cybersecurity Agency issued a warning – among many others in recent years – in November 2021 highlighting malicious activity from an advanced persistent threat group linked to the Iranian government.

Hospitals and health systems must prepare for potential nation-state attacks. There are many precautions that healthcare organizations can take, such as having visibility into how exposed an organization is to cyber risks to enable appropriate response, remediation, and informed decision-making.

Andrew Hollister is chief security officer at security information and event management technology provider LogRhythm and vice president at LogRhythm Labs. We interviewed him to find out his views on country-level cyberattacks and learn some of the best practices that CIOs, CISOs, and other IT and infosec leaders can adopt.

Q. How would you describe today’s climate for nation-state cyberattacks against targets in the United States?

A. As evidenced by both the number of attacks reported in the press and the initiatives taken by various agencies within the US government, the climate for cyberattacks unfortunately continues to be very favorable.

Historically, we have often used the fact that a cyber attack occasionally pops up in the mainstream media as a signal that a threshold has been crossed or something of a particularly malicious or cruel nature has been released. However, today we see cyberattacks in the mainstream media almost every day, which shows us the alarming state of the threat landscape today.

Furthermore, we see US government agencies issuing guidance and indeed the president himself signed an explicit executive order aimed at improving the country’s cybersecurity and protecting federal networks.

The order recognizes “persistent and increasingly sophisticated campaigns” that threaten both the private and public sectors, and states that “prevention, detection, assessment, and remediation of cyber incidents are a top priority and essential to national and economic security.”

No one should doubt that every organization’s digital assets are at risk, whether directly targeted by a state actor, or so-called collateral damage in a broader cyber attack. Some attackers target more indiscriminately. For example, WannaCry may not directly target the UK Health service; however, the service was vulnerable to attacks and the attack resulted in a significant impact.

Q. Why are nation-state attackers prioritizing U.S. healthcare providers as targets?

A. There are two main reasons why country attackers can target US healthcare providers, but first let me say that country attacks themselves are a broad term. It includes both direct action by a nation-state and action by criminal subjects tacitly approved or simply protected by a nation-state.

This is where the confusion comes in. A state may be interested in gaining a technological advantage, causing disruption or confusion, or directly interfering with the target country, while a criminal gang is ultimately likely to pursue financial returns when all is said and done.

One of the main reasons healthcare is such a goal is because of the complex and unique nature of those environments. Healthcare providers may hold large amounts of personal information, billing information, as well as medical research.

Additionally, they can run across multiple physical or even campus locations and operate both corporate networks and healthcare-specific devices, some of which can be connected with people. Complexity is the enemy of security, where simply getting a complete picture of assets and their risk status is a critical task, and that is before looking at the data held by the organization.

Over the past few years, we’ve also seen an increase in smaller healthcare organizations falling prey to cyberattacks. There could be a combination of reasons behind this, but certainly budget and expertise could be the main factors here.

A small organization may not have the resources to invest in cybersecurity and lack the in-house expertise to understand where its key risks lie. It’s certainly not an easy decision to make when your budget is limited and you have to choose between direct-to-patient services and more investment in cybersecurity.

However, in today’s threat landscape, cybersecurity must still be a priority for all organizations.

Q. How should US healthcare providers prepare for attacks from other countries?

A. Everything starts with understanding the basics and executing them perfectly. For example, the Internet Security Center and the SANS Institute have developed Critical Security Controls. Just basic implementation of these controls has been shown in several studies to prevent 85% of cyber attacks.

However, organizations continue to fall short of the most basic controls around software and asset management, identity and vulnerability management, and things like multi-factor authentication.

The executive order I mentioned as well as the OMB required Federal agencies to implement Zero Trust and with good reason. By default, all entities are untrusted, least privileged access is enforced, and comprehensive security monitoring is performed, which is a big step forward in ensuring the security of everyone's environment.

Organizations ultimately require something more than preventative security – it’s widely accepted by the industry that it’s when, not if, you’ll encounter a cyberattack that breaches your defenses, and therefore, detection and response capabilities are critical in securing an organization against threat actors with the resources or support of a nation-state.

Q. You recommend that a provisioning organization have its current visibility into cyber risks to enable appropriate response, remediation, and informed decision making. Please explain.

A. The attack surface in healthcare organizations is both broad and complex, and with the potential to directly impact patient health, the top priority is to keep patient services available and ensure that patient services are available. tell. Perhaps nowhere else is the trio of security, integrity, and usability more relevant.

It’s impossible to protect what you can’t see, and CIS’s Critical Security Controls address understanding exactly what you’re protecting early on – both assets and data, whether it’s personally identifiable information or intellectual property of one form or another.

Armed with that knowledge, you can build a strategy for both prevention technology as well as to detect and respond to active threats.

People should realize that while they may not be directly targeted by nation-state threat actors, they can be impacted as collateral damage or through a supply chain compromise that has a much broader impact.

The need for constant vigilance and visibility across the entire environment is essential if bad actors of all kinds are to be detected and stopped before they achieve their ultimate goal to disrupt, destroy or clean data.

In this effort, it is important for teams to be equipped with high-quality signals and automated response capabilities so that they can confidently defend against cyberattacks. Noise reduction for security analysts is one of the most important levers for empowering security teams to successfully respond to and remediate cyber risks.

Twitter: @SiwickiHealthIT
Healthcare IT News is a publication of HIMSS Media.
