News Headlines Suggest Heightened Cybersecurity Awareness, IT Practitioners Know the Reality

Person typing on a laptop

Nation-State Attacks Have Been a Daily Threat for Years, Preparation is King

The headlines in the news continue to focus on the Russian invasion of Ukraine. As a result, organizations worldwide have reverberated with the increased probability of a cyber war being launched against critical infrastructure originating from Russian state-sponsored and sympathetic threat groups. While the predicted wave of attacks has not yet come to pass, there remains a heightened concern and borderline panic for cybersecurity professionals, especially within the United States.

The Fortified team wishes to convey a sense of intentional calm and poise despite news reports. Based on the principle that cyber-attacks from Russia, China, Iran, and North Korea have been an ever-present threat in the last six years, if not longer.

A recent article from HealthIT Security shared their analysis of the HHS Office for Civil Rights (OCR) data breach portal through the first three months of 2022. They’ve reported that 132 breaches reported so far in 2022 have impacted over 6.8 million individuals. Also noted is organizations have 60 days to declare incidents; these numbers are expected to rise. The increased probability changes very little; other than reinforcing the “not if but when” mindset so many have had in the cybersecurity industry.

Concerned professionals should acknowledge this and continue to focus on implementing sound decisions that will enhance their ability to prevent, if not prepare for and recover from an attack against their organization.

Impacts on Healthcare

A cyber security attack originating from any advanced persistent threat group, especially in a time of war, should be expected to affect the targeted organization significantly.

Advanced tactics and destructive outcomes like ransomware or distributed denial of service attacks should be anticipated. Such attacks will leave systems inaccessible or non-functioning, directly inhibiting healthcare providers’ ability to treat patients or continue with normal business functions.

Possible Response Actions

  • Recall and employ the fundamentals of security to their fullest extent.
  • Consider DNS whitelisting, which is more effective than geofencing; this practice enables organizations to control access to their environments from known-good sources considering an attack will be routed through a geographic region that would circumvent geofencing.
  • Implement additional protections to the endpoint (workstation and server alike), such as reputable endpoint detection and response technologies.
  • Review your incident response plan, test backups, and consider secondary and tertiary recovery measures.
  • Perform an audit of your users and their accesses, especially to public-facing resources, considering the principle of least privilege.
  • Collect and document emergency contact information to declare a cybersecurity incident to call for help when you need it efficiently.

The Fortified team has complied a collection of resources from our Best in KLAS team and other industry-recognized sources to aid your research efforts. Please don’t hesitate to contact us if you have any questions about this blog, Fortified Health Security, or healthcare cybersecurity.

References and Resources

Fortified Health Security Upcoming Learning Sessions

Organizations

References & Resource Articles

Fortified On-Demand Videos

Media