Nation-state cyberattacks are on the rise. Here’s wow to stay vigilant

Nation-state attacks have been a daily threat for years. Even though news headlines are focused on Russia’s invasion of Ukraine, IT professionals know all too well that these threats are not new. Cyber attacks from Russia, China, Iran, and North Korea have been ever-present threats in the last six years, if not longer.

While the predicted wave of attacks from Russian state-sponsored groups–and those sympathetic to their cause–has not yet come to pass, there is heightened concern for cybersecurity professionals, especially within the United States.

HealthIT Security‘s analysis of the HHS Office for Civil Rights (OCR) data breach portal shows that over 6.8 million individuals have been impacted from the 132 breaches reported in the first three months of 2022. As organizations have 60 days to declare incidents, these numbers are expected to rise, reinforcing the “not if but when” mindset of many cybersecurity professionals.

Impacts on healthcare

A cybersecurity attack originating from any threat group, whether it’s ransomware or distributed denial of service attacks, would have a significant impact on a health system, its patients, and its community. Such incidents can leave systems inaccessible or non-functioning, directly inhibiting healthcare providers’ ability to treat patients or continue with normal business functions.

Cybersecurity response actions

Here are some response actions and resources to consider to strengthen your healthcare organization’s cybersecurity posture:

• Recall and employ the fundamentals of cybersecurity
• Consider DNS white-listing. A more effective tactic than geofencing, this practice enables organizations to control access to their environments from known-good sources considering an attack will be routed through a geographic region that would circumvent geofencing
• Implement additional protections to the endpoint (workstation and server alike), such as reputable endpoint detection and response technologies
• Review your incident response plan, test backups, and consider secondary and tertiary recovery measures
• Perform an audit of your users and their accesses, especially to public-facing resources, considering the principle of least privilege
• Collect and document emergency contact information so you know who to call for help when you need it

Cybersecurity references and resources

• From crisis to recovery: Lessons learned from a hospital’s ransomware attack
• How to Build a Medical Device Security Program: Previously Presented at HIMSS ’22 – 4.20.22
• IR Program Maturity: How to Prepare for the Worst Day Ever- 5.3.22
• Healthcare Managed Detection and Response On-Demand Webinar
• VTM in Healthcare What You Need to Know
• Video: Fortified Health Security Briefing on Cyber Insurance

Industry organizations

• CHIME
• AEHIS
• CISA
  • Known Exploited Vulnerabilities Catalog
  • Readout From CISA’S Second Cybersecurity Advisory Committee MEETING
  • Regional Offices
• HHS OCR Breach Portal –  aka “Wall of Shame”

Articles

• The Cybersecurity Risks of an Escalating Russia-Ukraine Conflict
• Exclusive: FBI Braces for Russian Cyber Attacks in the U.S. as Ukraine Tensions Rise
• Russian cyberattacks could soon strike the West, analysts say. ‘The risk right now is high and rising
• U.S. Companies Should Prepare for Putin’s ‘Gangster Diplomacy’ As Risk of Russian Cyberattacks Grows
• 1.4M Victims, 30 Healthcare Data Breaches Reported to HHS in March
• The U.S. is trying to fix medical devices’ big cybersecurity problem

Why cybersecurity in healthcare matters to us

We intimately appreciate that we’re all patients, which is why we demand more secure healthcare.

We deliver cybersecurity services, executed by passionate people with the goal of strengthening the cybersecurity posture of your healthcare organization.