
AHA: Russia’s Invasion of Ukraine Could Lead to Healthcare Cyberattacks

Hospitals and health systems should remain on high alert for healthcare cyberattacks now that Russia’s invasion of Ukraine has begun, AHA said.

The American Hospital Association (AHA) urged hospitals and health systems to remain vigilant against healthcare cyberattacks amid Russia’s invasion of Ukraine.

“The [US] government and NATO allies immediately responded to Russia’s actions with a series of economic and military sanctions,” the advisory stated.

“Now there is a concern that Russia may retaliate against the [US] and allied nations with disruptive cyberattacks in furtherance of its military and political objectives.”

The AHA noted that Russia previously deployed cyberattacks against Ukraine to disrupt its communications, financial institutions, and the electrical grid. In addition, previous Russian military cyber operations against Ukraine led to collateral damage to the US healthcare sector, resulting in US indictments relating to NotPetya malware.

With these recent actions in mind, it is possible that Russia will turn to cyberattacks again as a weapon against adversaries.

The Cybersecurity and Infrastructure Security Agency (CISA) recently issued a “Shields Up” advisory urging organizations across the public and private sectors to employ enhanced security measures.

“CISA recommends all organizations—regardless of size—adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets,” the advisory stated.

The AHA identified three concerns for the healthcare sector regarding increased Russian-borne cyber threats:

  1. hospitals and health systems may be targeted directly by Russian-sponsored cyber actors;
  2. hospitals and health systems may become incidental victims of, or collateral damage to, Russian-deployed malware or destructive ransomware that inadvertently penetrates U.S. health care entities; and
  3. a cyberattack could disrupt hospitals’ mission-critical service providers.

Healthcare professionals should share this information with their organization’s IT and cybersecurity teams. It is also crucial to communicate cyber risks to the C-suite.

Organizations should also exercise geo-fencing for all inbound and outbound traffic relating to Ukraine and surrounding regions.

Although geo-fencing may help to mitigate some cyber risks, “it will have limited impact in reducing indirect risk, in which malware transits through other nations, proxies and third parties,” AHA cautioned.

Healthcare organizations should monitor network traffic closely, especially Active Directory, and educate employees about phishing and malware.

“AHA also recommends that organizations identify all internal and third-party mission-critical clinical and operational services and technology; in doing so they should put into place four-to-six week business continuity plans and well-practiced downtime procedures in the event those services or technologies are disrupted by a cyberattack,” the advisory continued.

Along with business continuity and cyber incident response plans, organizations should employ endpoint security measures, maintain reliable data backups, and revisit their security protocols to ensure cyber resiliency.

All critical infrastructure sectors must remember that even if their organization is not directly targeted, they could become collateral damage as geopolitical tensions rise.  
