Cybersecurity experts are warning that healthcare organizations should be on high alert for attacks caused by malware variants being used by Russia against Ukraine. Even if an attack is not specifically aimed at U.S. organizations, malware can travel through networks on the internet and cause severe damage inadvertently.
We’ve received warnings about cyber attacks from Russia before: in late 2020, a major intrusion through SolarWinds software hit U.S. government networks at the highest levels, private companies and healthcare organizations. In 2021, the warnings continued, and the American Hospital Association (AHA) published a white paper, Strategic Threat Intelligence: Preparing for the Next “SolarWinds” Event. This AHA analysis and advice from last year remain true today.
In January, before the attack on Ukraine, the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the National Security Agency (NSA) issued a joint advisory regarding persistent cyber threats coming from Russian state-sponsored threat actors.
In the wake of the Ukraine invasion, more warnings are coming from CISA, the FBI, HC3 (HHS’ Health Sector Cybersecurity Coordination Center), and the AHA.
- CISA and the FBI released a joint advisory to warn organizations about HermeticWiper and WhisperGate malware, two destructive malware variants that have been used to target organizations in Ukraine.
- HC3 is warning healthcare organizations to remain on high alert due to HermeticWiper malware. Cyber attackers used HermeticWiper against systems in Latvia, Lithuania, and Ukraine hours before Russia’s invasion.
- AHA joins the discussion and warns that “hospitals and health systems may become incidental victims of, or collateral damage to, Russian-deployed malware or destructive ransomware that inadvertently penetrates U.S. health care entities.”
Focusing on healthcare, the AHA identifies three concerns regarding increased cyber threats from Russia:
- hospitals and health systems may be targeted directly by Russian-sponsored cyber actors;
- hospitals and health systems may become incidental victims of, or collateral damage to, Russian-deployed malware or destructive ransomware that inadvertently penetrates U.S. health care entities; and
- a cyberattack could disrupt hospitals’ mission-critical service providers (including business associates).
Use HIPAA Risk Management to Prevent Damage
Your IT team is likely already receiving warnings about these current increased risks. Even so, be sure to share this information with them so that you can bolster your organization’s team approach to cybersecurity defense. Senior management and the C-suite should also be made aware of increased cyber risks, to help secure resources to strengthen your Risk Management capabilities. Finally, let your business associates know, or if you are a business associate, let your subcontractor BAs know.
- Ensure your malware protection is up to date; patch and update all your software
- Review and update your Risk Analysis
- Update your Security Rule Checklist
- Refresh and revise your contingency plan – this is critical for business continuity in the event of a severe attack
- Check in with third-party vendors – review your business associate due diligence requirements
Even though the recent warnings sound dire, there is a lot you can do to take control and reduce your risks. If you need help or have questions about what steps to take, let us know.