cyberwarfare international

Ukraine, Russia and Cybersecurity

Cybersecurity experts are warning that healthcare organizations should be on high alert for attacks caused by malware variants being used by Russia against Ukraine. Even if an attack is not specifically aimed at U.S. organizations, malware can travel through networks on the internet and cause severe damage inadvertently.

We’ve received warnings about cyber attacks from Russia before: in late 2020, a major intrusion through SolarWinds software hit U.S. government networks at the highest levels, private companies and  healthcare organizations. In 2021, the warnings continued, and the American Hospital Association (AHA) published a white paper, Strategic Threat Intelligence: Preparing for the Next “SolarWinds” Event. This AHA analysis and advice from last year remains true today.

In January before the attack on Ukraine, warnings came from the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the National Security Agency (NSA); they issued a joint advisory regarding persistent cyber threats coming from Russian state-sponsored threat actors.

In the wake of the Ukraine invasion, more warnings are coming from the CISA, the FBI, HC3 (HHS’ Health Sector Cybersecurity Coordination Center), and the AHA.

  • CISA and the FBI released a joint advisory to warn organizations about HermeticWiper and WhisperGate malware, two destructive malware variants that have been used to target organizations in Ukraine.
  • HC3 is warning healthcare organizations to remain on high alert due to HermeticWiper malware. Cyber attackers used HermeticWiper against systems in Latvia, Lithuania, and Ukraine hours before Russia’s invasion.
  • AHA joins the discussion and warns that “hospitals and health systems may become incidental victims of, or collateral damage to, Russian-deployed malware or destructive ransomware that inadvertently penetrates U.S. health care entities.”

Focusing on healthcare, the AHA identifies three concerns regarding increased cyber threats from Russia:

  1. hospitals and health systems may be targeted directly by Russian-sponsored cyber actors;
  2. hospitals and health systems may become incidental victims of, or collateral damage to, Russian-deployed malware or destructive ransomware that inadvertently penetrates U.S. health care entities; and
  3. a cyberattack could disrupt hospitals’ mission-critical service providers (including business associates).

Use HIPAA Risk Management to Prevent Damage

Your IT team is likely already receiving warnings about these current increased risks. But be sure to share this information with them and you can bolster your organization’s team approach to cybersecurity defense. Senior management and the C-suite should also be made aware of increased cyber risks, to help secure resources to strengthen your Risk Management capabilities. Finally, let your business associates know, or if you are a business associate, let your subcontractor BAs know.

Even though the recent warnings sound dire, there is a lot you can do to take control and reduce your risks. If you need help or have questions about what steps to take, let us know.

Share This Post

Maggie Hales

Maggie Hales is a lawyer focusing on health information privacy and security. As CEO of ET&C Group LLC she advises health care providers and business associates in 36 states, Canada, Egypt, India and the EU, using The HIPAA E-Tool® to deliver up to date policies, forms and training on everything related to HIPAA compliance.

Copyright © 2023 ET&C Group LLC.

The HIPAA E-Tool® and Protecting Patient Privacy is Our Job®
are registered trademarks of ET&C Group LLC

Terms of Use | Privacy Policy | Cookies Policy | Privacy Settings | HTML/XML Sitemap

Mailing Address
The HIPAA E-Tool
PO Box 179104
St. Louis, MO 63117-9104

Office
8820 Ladue Road Suite 200
St. Louis, MO 63124

Powered by JEMSU