President urges immediate hardening of U.S. cyber defenses due to potential Russian strike

Mar 22, 2022 - 02:17 PM
cybersecurity

President Biden yesterday urged an immediate hardening of private-sector cyber defenses “based on evolving intelligence that the Russian Government is exploring options for potential cyberattacks.” In tandem with the president’s statement, the White House issued a fact sheet detailing steps organizations can take to protect against potential cyberattacks. Foremost among those steps are the implementation and mandated use of multi-factor authentication. View the AHA Cybersecurity Advisory below. 
 

Cybersecurity Advisory

March 21, 2022
 

President Urges Immediate Hardening of U.S. Cyber Defenses Due to Potential Russian Strike

Download the Cybersecurity Advisory


President Biden today urged an immediate hardening of private-sector cyber defenses “based on evolving intelligence that the Russian Government is exploring options for potential cyberattacks.”

In tandem with the President’s statement, the White House issued a fact sheet detailing steps organizations can take to protect against potential cyberattacks. Foremost among those steps are the implementation and mandated use of multi-factor authentication.

The AHA is closely monitoring the potential for increased cyber risks to the U.S. health system stemming from the ongoing military operations in the Russia/Ukraine region.

The Russian military has previously used cyberattacks against Ukraine to disrupt the electrical grid, communications capabilities and financial institutions. For example, destructive malware variants were found on Ukrainian networks in the period prior to Russia’s invasion and it was reported recently that cyber denial-of-service attacks, attributed to the Russian military, were launched against Ukraine’s Ministry of Defense, as well as its financial institutions and communications services. In 2017, the Russian military intelligence service launched the destructive NotPetya malware against Ukraine, which inflicted significant collateral damage to the U.S. health care sector.

As part of AHA’s efforts, John Riggi, the association’s national advisor for cybersecurity and risk, and a former senior executive in the FBI’s cyber division, remains in close coordination with the FBI, Cybersecurity and Infrastructure Security Agency and the Department of Health and Human Services regarding related threats which may pose a risk to U.S. health care.

WHAT YOU CAN DO

  • Share this Cybersecurity Advisory with your organization’s IT and cyber infrastructure teams.
  • Hospitals and health systems should visit the AHA Cybersecurity & Risk Advisory page to review alerts and bulletins for guidance on risk mitigation procedures, including increased network monitoring for unusual network traffic or activity, especially around active directory. Additionally, it is important to heighten staffs’ awareness of increased risk of receiving malware-laden phishing emails.
  • Geo-fencing for all inbound and outbound traffic originating from, and related to, Russia, Ukraine and its surrounding region may help mitigate direct cyber risks presented by this threat; however, it will have limited impact in reducing indirect risk, in which malware transits through other nations, proxies and third parties.
  • AHA also recommends that organizations identify all internal and third-party mission-critical clinical and operational services and technology; in doing so they should put into place four-to-six week business continuity plans and well-practiced downtime procedures in the event those services or technologies are disrupted by a cyberattack,
  • It is essential at this time to check the redundancy, resiliency and security of your organization’s network and data backups, and ensure that multiple copies exist: off-line, network segmented, on premises and in the cloud, with at least one immutable copy.
  • Ensure that emergency electric generating redundancy, resiliency and generator fuel reserves are in place and have been recently tested.
  • It is also critical that a cross-function, leadership-level cyber incident response plan be fully documented, updated and practiced. This should include emergency communications plans and systems.

FURTHER QUESTIONS

If you have any questions or information regarding these issues, contact John Riggi at jriggi@aha.org.

 

Other Resources

Cybersecurity: Embracing a Leadership Imperative

Health care is under attack as never before from cybercriminals, and the stakes are rising for hospitals and patient safety. Now there’s a potential threat from Russia. It’s time to make cybersecurity an enterprise-risk management strategy.

Cyber Threat Intelligence

View available Cyber Threat Intelligence reports, including FBI and TLP-White reports.

Related News Articles

Headline
Agencies issue guidance on mitigating cyberthreats with limited resources 
The Cybersecurity and Infrastructure Security Agency along with international agencies May 14 released guidance for high-risk nonprofit and other resource-…
Headline
Report: Delayed or missing payments increased for hospitals in first quarter
Hospitals and health systems nationwide saw a sizable increase in delayed or missing payments in first quarter 2024, according to a report released May 10 by…
Headline
Agencies warn of accelerating attacks on health care by Black Basta ransomware group
The Federal Bureau of Investigation, Cybersecurity and Infrastructure Security Agency, Department of Health and Human Services, and Multi-State Information…
Headline
DOJ charges Russian national with developing, operating LockBit ransomware
The Department of Justice May 7 announced more than two dozen criminal charges against Dimitry Yuryevich Khoroshev, 31, of Voronezh, Russia, for his alleged…
Headline
AHA, other hospital groups urge UHG to formalize breach notification plans following Change Healthcare cyberattack 
The AHA and other national hospital groups May 8 sent a letter to UnitedHealth Group, urging the organization to formally accept responsibility for issuing…
Headline
CISA extends comment period for proposed rule on cyber incident reporting
The Cybersecurity and Infrastructure Security Agency May 3 extended the comment period to July 3 for the April 4 proposed rule that would implement cyber…