Sikov - stock.adobe.com

Sens. to DHS CISA: Issue COVID-19 Cyber Threat Guidance for Healthcare

Given the steady increase in COVID-19 cyber threats, a group of Senators are asking DHS CISA and its partners to develop and issue cybersecurity guidance for the healthcare sector.

In light of the rapid increase in COVID-19 cyber threats, the Department of Homeland Security Cybersecurity and Infrastructure Security Agency and the US Cyber Command are being asked to develop and issue cybersecurity guidance to support the healthcare sector during the pandemic.

The letter, led by Sens. Richard Blumenthal, D-Connecticut and Mark Warner, D-Virginia, as well as three other Senators, raises “profound concerns” about the “unprecedented and perilous campaign of sophisticated hacking operations” from both domestic and foreign threat actors.

“The cybersecurity threat to our stretched and stressed medical and public health systems should not be ignored,” the Senators argued. “Prior to the pandemic, hospitals had already struggled to defend themselves against an onslaught of ransomware and data breaches. Our hospitals are dependent on electronic health records, email, and internal networks that often heavily rely on legacy equipment.”

“Even a minor technical issue with the email services of the Department of Health and Human Services meaningfully frustrated efforts to coordinate the federal government’s service,” they added. “Disinformation, disabled computers, and disrupted communications due to ransomware, denial of service attacks, and intrusions means critical lost time and diverted resources.”

To the Senators, a disruption of service tied to a cybersecurity incident could be a matter of life and death when it comes to healthcare, public health, and research sectors during the pandemic.

In response, they’re asking CISA and Cyber Command to collaborate on resources specific to the healthcare sector to defend against these sophisticated threats, including providing both private and public cyber threat intelligence information on cyberattacks that impact the healthcare sector, including indicators of compromise, malware, and ransomware.

Further, CISA and Cyber Command should coordinate with the FBI, Federal Trade Commission, and HHS, in order to improve public awareness on cyberespionage, cybercrime, and disinformation campaigns that target employees and consumers, especially around telework.

The Senators also requested the agencies provide threat assessments, resources, and other guidance to the National Guard Bureau in support of state public health department and local emergency management’s critical infrastructure.

They’re also asked to consult with partners in the research, public health, and private healthcare sectors, including government and private healthcare councils, to determine what information and resources are needed to bolster health IT system security, including vulnerability detection and threat hunting tools.

The cyber agencies should also consider releasing public statements on COVID-19 hacking and disinformation campaigns to raise awareness and “put adversaries on notice,” as well as evaluating what steps are needed to defend, detect, and deter attempted cyberattacks and other exploits that could interfere with the overall healthcare and research sectors.

“Unless we take forceful action to deny our adversaries success and deter them from further exploiting this crisis, we will be inviting further aggression from them and others,” the Senators wrote.

Indeed, the pandemic has seen a steady stream of alerts from the Office for Civil Rights, the FBI, DHS CISA, and a host of security researchers about the methods hackers are leveraging to take advantage of Coronavirus fears for their financial gain, from business email compromise scams to videoconferencing hijacking.

According to the Senators, foreign threat actors pose a serious threat to the healthcare sector, as hacking groups from Russia, China, Iran, and North Korea have all targeted providers with Coronavirus-related campaigns in recent weeks.

One of the largest campaigns originated from the advanced persistent threat group from China, APT41, which carried out one of the biggest hacking campaigns seen from the country in recent years. The campaign targeted vulnerabilities in popular networking equipment, cloud software, and IT management tools, as reliance upon this technology has increased for telework and telehealth during this pandemic.

Specifically, the new Chinese espionage campaign targets the healthcare and pharmaceutical nonprofits, as well as other organizations responding to the pandemic.

While, the “APT41’s campaign also appears to reflect a broader escalation from Chinese groups in recent weeks,” other countries are targeting the sector, as well. The State Department has seen a mass amount of disinformation campaigns designed to undermine the US response to the pandemic.

 The Senators also stressed they’re willing to provide further resources to support this effort. Most recently, the American Medical Association and American Hospital Association released guidance specific to the healthcare telework environment.

Next Steps

Dig Deeper on Cybersecurity strategies