How Russia-Ukraine Is Intensifying Healthcare Cyber Worries
John Riggi and Carolyn Crandall Discuss the Top Threats
Threats involving the Russia-Ukraine war are exacerbating cybersecurity pressures on healthcare sector entities in the U.S. and globally, according to John Riggi, national adviser for cybersecurity and risk at the American Hospital Association, and Carolyn Crandall, chief security advocate at Attivo Networks, who explain why.
Among the biggest worries for U.S. hospitals right now is the threat of destructive wiper malware and related attacks by Russian-backed actors aimed at Ukraine spreading "uncontrollably" across the globe - and inadvertently striking U.S. healthcare or mission-critical third-party providers, Riggi says in an interview with Information Security Media Group.
Similar incidents have occurred before, he points out, most notably in the 2017 NotPetya ransomware attack.
"The Russian military GRU launched the very destructive malware variant NotPetya against the Ukraine, and that digital virus spread globally like a biological virus out of control and infected any organization that came into contact with it," he says.
The attack affected a range of organizations across the world, including U.S. pharmaceutical company Merck and medical transcription vendor Nuance Communications. It ultimately disrupted care by providers across the country and affected many hospitals, Riggi says.
Other heightened threats tied to the Russia-Ukraine conflict involve cybercriminal organizations that have been provided "safe harbors" by the Russian government - including the Conti ransomware group, which has been very active in its attacks on U.S. hospitals and other segments of the healthcare sector, he says.
Indeed, the level and depth of threats facing the healthcare sector are of extreme concern, Crandall says in the same interview with ISMG.
"It is really unprecedented times. We have our day-to-day threats, and healthcare providers are really challenged," she says. "Healthcare is a very distributed and unique environment. It's not just a typical business network, but medical networks, people working remotely, remote care … a lot of legacy equipment … so many factors."
"Attackers are finding a lot of creative ways of getting in … They're looking at identities and coming in as imposters and finding ways to escalate their privileges inside the network … to gain access to critical infrastructure," she says. "And now you have Russia-Ukraine on top of everything."
In the interview, Riggi and Crandall also discuss:
- Security challenges that are putting healthcare sector entities most at risk;
- Top identity issues, including human versus nonhuman machine identities;
- Pandemic-related security challenges still facing healthcare sector entities.
Riggi is national adviser for cybersecurity and risk at the American Hospital Association, which has more than 5,000 member hospitals in the U.S. He previously served for 30 years in the FBI in a variety of leadership roles, including as representative to the White House Cyber Response Group. He also was a senior representative to the CIA, serving as the national operations manager for terrorist financing investigations.
Crandall is chief security advocate at security vendor Attivo Networks, which is in the process of being acquired by security automation firm SentinelOne. She has worked for over 30 years with enterprise infrastructure companies, including holding leadership positions at Cisco, Juniper Networks, Nimble Storage, Riverbed, and Seagate.