
Medtech, hospitals on alert for cyberattacks after Russia's invasion of Ukraine

Hospitals and medical device companies are on heightened alert for cyberattacks from Russian-sponsored hackers looking to target U.S. critical infrastructure after Russia's invasion of Ukraine last week, experts say.

While cybersecurity threats to healthcare and the medtech industry — including ransomware — have grown during the pandemic, the conflict has raised the threat level.

Nick Yuran, CEO of medical device security consulting firm Harbor Labs, who worked in U.S. intelligence as a Russian linguist-analyst for 10 years before moving to the private sector, contends that given the "talents and resources" available to a state-sponsored actor such as Russia, the damage to America's healthcare system potentially could be catastrophic.

"We typically think of energy and finance as the most high-profile targets of a state-sponsored cyberattack, but an attack on healthcare infrastructure could be equally as disruptive," Yuran said. "A targeted cyberattack against military healthcare organizations, such as Military Health System or VA facilities, might be intended as a military operation. But, there would be no way to guarantee that such an attack would not inadvertently make its way into civilian healthcare since there are so many common resources and assets."

However, the American Hospital Association (AHA) on Feb. 23 issued a cyber advisory soon after Russia’s invasion of Ukraine warning that U.S. hospitals and health systems may be targeted "directly" by Russian-sponsored cyber actors, and may also potentially "become incidental victims of, or collateral damage to, Russian-deployed malware or destructive ransomware that inadvertently penetrates" healthcare organizations.

Chris Gates, director of product security at medical device engineering firm Velentium, says the world is already seeing Russian data-wiper malware being used in Ukraine, coupled with ransomware, "in what appears to be a tactic akin to throwing the 'kitchen sink' at them." Gates argues that "such tools could easily spread beyond the intended targets" and impact hospitals and medical devices.

The first ransomware attack on a medical device was reported during the worldwide 2017 WannaCry attack, which successfully encrypted radiology equipment drives at hospitals and demonstrated the vulnerabilities of medtech. Hundreds of thousands of computers were compromised by the WannaCry ransomware in at least 150 countries, including the National Health Service in the United Kingdom, where the cyberattack froze computers at hospitals and closed emergency rooms. North Korea is widely believed to have been behind the attack.

"If cyberattacks begin, no one can tell for sure how wide the fallout might be, but what we have seen in the past is that it is usually wider than expected and not necessarily isolated to the target," Mac McMillan, CEO of cybersecurity consulting firm CynergisTek, wrote in an email. He pointed to the WannaCry attack as an example.

"Once started, these things are not always easily contained," McMillan said.

Mike Rushanan, director of medical security at Harbor Labs, believes that Russian-sponsored malware could exhibit the same characteristics as worms like WannaCry, which spread beyond their intended target to impact a broad set of Internet of Things (IoT), consumer and hospital IT devices, as well as associated healthcare systems and services.

"Russian state-sponsored actors are certainly capable of producing a similar type of attack, and even if healthcare is not the primary target, hospitals could be negatively affected potentially putting patients at risk," Rushanan said. "It's my opinion that any state-sponsored hacking campaign will be indirect. Malware will spread via a worm ... It'll be difficult to directly attribute to Russia."

Last month, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation and the National Security Agency issued a joint advisory providing an overview of Russian state-sponsored cyber operations, including commonly observed tactics, techniques and procedures.

CISA followed that advisory with its own "Shields Up" alert earlier this month meant to convey a heightened national cybersecurity posture in an effort to better safeguard U.S. critical infrastructure, including healthcare.

"While there are no specific or credible cyber threats to the U.S. homeland at this time, Russia's unprovoked attack on Ukraine, which has involved cyber-attacks on Ukrainian government and critical infrastructure organizations, may impact organizations both within and beyond the region, particularly in the wake of sanctions imposed by the United States and our Allies," CISA said.

Kevin Fu, acting director of cybersecurity at the FDA's Center for Devices and Radiological Health, recently said that attacks on healthcare facility networks are causing medical device "outages" that put patient lives at risk.

"Nation states and organized crime — real threat actors — are causing harm, damaging the safety and effectiveness of medical devices," Fu warned at AdvaMed's 2021 MedTech Conference in late September, around the same time The Wall Street Journal reported the first alleged death in a hospital attributed to ransomware.
