In “Russian APTs: Why Stakes Are So High for Health Care Sector,” HealthcareInfoSecurity reported that federal authorities issued warnings to critical U.S. infrastructure organizations regarding Russian state-sponsored cyberthreats. Privacy, cybersecurity and data strategy counsel Jason G. Weiss addressed critical steps health care entities can take to defend against such attacks.
Weiss said, “Every concern about a possible legitimate cyberattack must raise an alarm, especially as it relates to the health care industry.” He added, “There has been a rash of cyberattacks recently from Russian ransomware gangs that have caused real distress and concern.” For example, “It looks like SolarWinds, a devastating cyberattack, was launched by a Russian criminal gang.”
Weiss also stated that federal law enforcement authorities are correct in their desire to warn the public of these threats so that businesses in all industries can see the depth and scope of the problem and hopefully start taking proactive measures to protect themselves from many of the different cyberattacks being used worldwide.
The health care and public health care sectors are “soft targets,” Weiss noted, “And when successful attacks are launched, these industries deal with life and death, and as such, are less able to deal with the dangers of cyberattacks, so the perception is they are more apt to pay ransom quickly.” Additionally, he detailed how organizations can use “rate limiting to block internet protocol (IP) addresses from which large numbers of failed logins originate in a short period of time.”
Further, Weiss explained that the APT29 attacks on organizations with COVID-19 intellectual property involved scans of their public-facing infrastructure, including remote access services for already known vulnerabilities for which exploits were already publicly available.
“Organizations can defend against such attacks by ensuring the timely patching of their infrastructure,” Weiss said. “Remote access services should receive higher-priority patching due to their popularity as targets during the COVID-19 pandemic and the rise of the remote workforce.”
Overall, Weiss emphasized that cyberattacks are a persistent global problem. “While Russian-backed cyber gangs are certainly a menace to the global economy and cybersecurity everywhere,” many other countries have “a plethora of cybercriminals” and “successful ransomware gangs and other elements of organized crime launching cyberattacks worldwide all day, every day.” He concluded, “This is not just a ‘Russian’ problem, sadly.”