Discussions of healthcare and the upcoming election often intertwine when addressing policy. Their relation has certainly become increasingly critical as we face the many complications of the COVID-19 crisis. But recent ransomware attacks on hospitals across the United States demonstrate that the healthcare and election systems may have another similarity in cybersecurity vulnerabilities. Not only is sensitive information at stake in both circumstances, but maintaining the health of one system could mean maintaining the health of the other.
In an article for The New York Times, Nicole Perlroth reported on the Russian hacking group Energetic Bear, which “appears to be casting a wide net to find useful targets ahead of the election,” she wrote. Since September, cybersecurity officials have remained vigilant over hackers’ interests in state and local government computer systems. However, Energetic Bear stands out in that their previous targets included the power grid, water treatment facilities, nuclear power plants and, more recently, Wi-Fi systems at West Coast airports. While officials do not view the group’s latest activity as a direct threat to the election, their collective actions hint that the attacks on energy-sector and aviation-related systems are a potential build-up to tactics that can be applied to compromising election-related databases like those that verify voters’ signatures on mail-in ballots.
Like Energetic Bear’s activity, the Ryuk ransomware attack on U.S. hospitals raises great concern about widespread impact. Ellen Nakashima and Jay Greene report in The Washington Post that six hospitals from California to New York have been affected by the data-encrypting ransomware, leading to an advisory from the FBI, the Department of Homeland Security and the Department of Health and Human Services. The ability to provide patients with proper medical procedures has been interrupted as facilities are having to pay large sums to regain access to and control of their systems. Another report on the health provider cyberattack, from CNN, explains that hospitals have been even more vulnerable to such an infiltration because of the stress of the pandemic. And, as the article states, Ryuk, the ransomware responsible for targeting other institutions such as municipal governments, state courts and universities, can be much more complex to respond to, according to Microsoft Corporate Vice President for Customer Security and Trust Tom Burt.
According to AP News, the attack, carried out by a Russian-speaking group, seems to coincide with the election only by chance and to be only monetarily driven. But that article, like the CNN article, also explains that ransomware has been used against cities like Baltimore and Atlanta, as well as local governments. Kimberly Goody, a cybercrime analyst at Mandiant, tells The New York Times, “They could use these same tools against whoever they want whether it’s the election or hospitals,” in an article by David E. Sanger and Nicole Perlroth.
Despite the differences between the Energetic Bear and Ryuk ransomware incidents, could they both be examples of “casting a wide net,” as Perlroth words it? Working to protect cybersecurity can mean preventing injury to people’s health, and learning from that response can prevent possible injury to election health.
“Russians Who Pose Election Threat Have Hacked Nuclear Plants and Power Grid” – Nicole Perlroth, The New York Times
- Cybersecurity officials are keeping an eye on the Russian hacking group Energetic Bear after September reports showed that the group may pose a threat to American state and local government computer systems.
- The group previously targeted energy sector facilities and attacked the Wi-Fi systems of some West Coast airports, including San Francisco International Airport. The airport systems were reportedly targeted in a search for an individual.
- Although officials do not see Energetic Bear’s activities as a direct attack on the election, they do view the group as seeking out opportunities for vulnerability. There is speculation that tactics used in these instances could be applied to aspects of voter databases.
“Hospitals being hit in coordinated, targeted ransomware attack from Russian-speaking criminals” – Ellen Nakashima and Jay Greene, The Washington Post
- Within the last week, Russian-speaking cybercriminals carried out a Ryuk ransomware attack on U.S. hospitals that encrypted data, leading to some facilities reportedly paying around $1 million to recover their systems.
- This led to the interruption of patient care, including having to cancel noncritical surgeries. Impacted facilities like Sky Lakes Medical Center in Klamath Falls, Oregon reported having to cancel computer-controlled treatments such as cancer treatments.
- While officials say that this attack was not directed in relation to the election, the group has targeted government systems in the past. Microsoft and U.S. Cyber Command, the Pentagon’s offensive cyber unit, are working to prevent the botnet associated with Ryuk from applying such ransomware to voter registration systems.
“‘Perception Hacks’ and Other Potential Threats to the Election” – David E. Sanger and Nicole Perlroth, The New York Times
- As the election nears, cybersecurity experts are monitoring potential hackers to prevent further incidents such as a ransomware attack on Georgia’s voter signature system.
- States like California and Indiana have also witnessed attacks on local government systems by Russia’s Federal Security Service.
- While such attacks have been smaller, there is worry over such occurrences translating into a greater perception that the election is hacked. Attacks at key local levels could still have an impact on the election whether or in believed legitimacy. The attacks on energy facilities and airports, as well as the ransomware attacks on hospitals, also have the potential to threaten the security of voting systems.
“Several hospitals targeted in new wave of ransomware attacks” – Vivian Salama, Alex Marquardt, Lauren Mascarenhas and Zachary Cohen, CNN
- The US Cybersecurity and Infrastructure Security Agency released a warning advisory about the ransomware attack impacting hospitals and other healthcare providers.
- This type of ransomware activity has increased over the past year, especially as the global pandemic intensifies vulnerability.
- Ryuk is considered a more sophisticated crypto-ransomware and has been used against organizations like municipal governments, state courts, hospitals, nursing homes, enterprises, and large universities.
“FBI warns ransomware assault threatens US healthcare system” – Frank Bajak, AP News
- AP News reports that the ransomware attack impacted at least five hospitals but has the potential to impact the data security of hundreds more.
- While the attack is not directly associated with the election, Alex Holden, CEO of Hold Security, relays that the stakes are even higher due to the state of the election in conjunction with the COVID-19 crisis.
- Microsoft has had success combatting Trickbot, one of the networks through which Ryuk is disseminated, but analysts say that cybercriminals still have methods for spreading Ryuk.