Nation-State Attacks Have Been a Daily Threat for Years, Preparation is King
The headlines in the news continue to focus on the Russian invasion of Ukraine. As a result, organizations worldwide have reverberated with the increased probability of a cyber war being launched against critical infrastructure originating from Russian state-sponsored and sympathetic threat groups. While the predicted wave of attacks has not yet come to pass, there remains a heightened concern and borderline panic for cybersecurity professionals, especially within the United States.
The Fortified team wishes to convey a sense of intentional calm and poise despite news reports. Based on the principle that cyber-attacks from Russia, China, Iran, and North Korea have been an ever-present threat in the last six years, if not longer.
A recent article from HealthIT Security shared their analysis of the HHS Office for Civil Rights (OCR) data breach portal through the first three months of 2022. They’ve reported that 132 breaches reported so far in 2022 have impacted over 6.8 million individuals. Also noted is organizations have 60 days to declare incidents; these numbers are expected to rise. The increased probability changes very little; other than reinforcing the “not if but when” mindset so many have had in the cybersecurity industry.
Concerned professionals should acknowledge this and continue to focus on implementing sound decisions that will enhance their ability to prevent, if not prepare for and recover from an attack against their organization.
Impacts on Healthcare
A cyber security attack originating from any advanced persistent threat group, especially in a time of war, should be expected to affect the targeted organization significantly.
Advanced tactics and destructive outcomes like ransomware or distributed denial of service attacks should be anticipated. Such attacks will leave systems inaccessible or non-functioning, directly inhibiting healthcare providers’ ability to treat patients or continue with normal business functions.
Possible Response Actions
- Recall and employ the fundamentals of security to their fullest extent.
- Consider DNS whitelisting, which is more effective than geofencing; this practice enables organizations to control access to their environments from known-good sources considering an attack will be routed through a geographic region that would circumvent geofencing.
- Implement additional protections to the endpoint (workstation and server alike), such as reputable endpoint detection and response technologies.
- Review your incident response plan, test backups, and consider secondary and tertiary recovery measures.
- Perform an audit of your users and their accesses, especially to public-facing resources, considering the principle of least privilege.
- Collect and document emergency contact information to declare a cybersecurity incident to call for help when you need it efficiently.
The Fortified team has complied a collection of resources from our Best in KLAS team and other industry-recognized sources to aid your research efforts. Please don’t hesitate to contact us if you have any questions about this blog, Fortified Health Security, or healthcare cybersecurity.
References and Resources
Fortified Health Security Upcoming Learning Sessions
- How to Build a Medical Device Security Program: Previously Presented at HIMSS ’22 – 4.20.22
- IR Program Maturity: How to Prepare for the Worst Day Ever- 5.3.22
- Learn More About the Fortified Ecosystem
- Monthly Healthcare Cybersecurity Roundtables
- Webinars, Briefings, and Simulations
- Healthcare Focused Cyber Threat Bulletins
- Fortified’s Services
- HHS OCR Breach Portal – aka “Wall of Shame”
References & Resource Articles
- The Cybersecurity Risks of an Escalating Russia-Ukraine Conflict
- Exclusive: FBI Braces for Russian Cyber Attacks in the U.S. as Ukraine Tensions Rise
- Russian cyberattacks could soon strike the West, analysts say. ‘The risk right now is high and rising
- U.S. Companies Should Prepare for Putin’s ‘Gangster Diplomacy’ As Risk of Russian Cyberattacks Grows
- 1.4M Victims, 30 Healthcare Data Breaches Reported to HHS in March
- The U.S. is trying to fix medical devices’ big cybersecurity problem
Fortified On-Demand Videos