Shields Up: Ukraine and the Need for Heightened Cybersecurity

  • Health care and life sciences
  • 2/28/2022

Health care has long been a target of cyber threats, but the current invasion of Ukraine heightens your need for cybersecurity.

Today’s blog is written by Randall J. Romes, CISSP, CRISC, CISA, MCP, PCI-QSA, Principal, Cybersecurity 

Health care organizations are feeling the impact of escalating global tensions as the resulting conflicts now have a significant cyber component. While your particular health care organization may not be a direct target, the likelihood of being affected as an indirect target in a broader campaign or as collateral damage has increased significantly as opposition nation-state cyber actors seek to disrupt communications and operations of critical infrastructure.

Your health care organization can expect to experience disruptions that include distributed denial of service (DDoS) attacks against in-house infrastructure that disrupt your information systems' ability to function or communicate, DDoS attacks against cloud-hosted solutions providers, intrusions via phishing and password guessing attacks that result in ransomware, and attacks and disruptions targeting supply chain providers of critical or important business supplies and services.

The specific attack vectors (e.g., phishing campaign scenario, malware strain, type of ransomware, etc.) will change frequently. Foundational strategies within your information security program to mitigate these risks to your health care operations and systems should include:

  • Regular/periodic IT and Cyber risk assessment
  • Disciplined application of security hardening standards with documented exception management
  • Resources with enough time to monitor and fine-tune health care systems, including proactive software updates and patching
  • Periodic testing of cybersecurity including People, Processes AND Technology
  • Periodic testing and practice of Incident Response, Disaster Recovery, and Business Continuity capabilities

White House Letter to Business Leaders on Specific Tactics

White House Letter to Business Leaders – “What we urge you to do now”

In addition to the broad strategies described above, the White House and Federal Government issued a memo to business leaders recommending the following five specific tactics to immediately execute to harden and safeguard your network and health care systems:

  1. Back up your data, system images and configurations, regularly test the backups, and keep them offline. Maintaining current backups offline is critical because if your network data is encrypted with ransomware, your organization can restore systems.
  2. Update and patch systems promptly. This includes maintaining the security of operating systems, applications, and firmware in a timely manner. Consider using a centralized patch management system; use a risk-based assessment strategy to drive your patch management program.
  3. Test your incident response plan through tabletop exercises or actual system tests. The best way to identify gaps in plans is to test the plans. Run through intrusion scenarios and some core questions and use those to build an incident response plan: Are you able to sustain business operations without access to certain systems? For how long? Would you turn off your manufacturing operations if business systems such as billing were offline?
  4. Check your (IT) security team's work. Use a third-party penetration tester to test the security of your systems and your ability to defend against a sophisticated attack. Many ransomware criminals are aggressive and sophisticated and will find the equivalent of unlocked doors.
  5. Segment your network. Ransomware attacks have evolved from stealing data to disrupting operations. Your administrative business functions and health care operations/production operations need to be isolated/separated, with filtering between isolated segments to limit internet access to operational networks. Identify links between these networks and develop workarounds or manual controls to ensure health care operations networks can be isolated and continue operating if your administrative network is compromised.

Read the White House Letter to Business Leaders. 

Finally: Plan for Intrusion and Breach

Additionally, always have a plan for intrusion and breach.

First, develop an incident response program and plan that:

  • Includes the appropriate procedures
  • Ensures points of contact are included
  • Is kept up-to-date
  • Can use the NIST standard (NIST 800-61) as a starting point

Second, establish relationships with key incident responders, such as:

  • Breach counsel
  • Forensic provider
  • Public relations
  • Understand (ahead of time) what your insurance will require, support, and allow.

How We Can Help

Access more information including CISA and Department of Homeland Defense recommendations on CLA’s cybersecurity blog:

Contact CLA’s Health Care Cyber and IT team for assistance in assessing and developing mitigation strategies for these ongoing threats.

This blog contains general information and does not constitute the rendering of legal, accounting, investment, tax, or other professional services. Consult with your advisors regarding the applicability of this content to your specific circumstances.
