Nation State Cyber Threats Targeting Intellectual Property

Apr 24, 2018 - 09:32 AM by
John Riggi, National Advisor for Cybersecurity and Risk, AHA

Cybersecurity is at top of mind for many organizations that work diligently to protect their intellectual property (IP) and consumers, and with good reason. On April 16, 2018, the Federal Bureau of Investigation (FBI) and Department of Homeland Security (DHS) issued a technical bulletin indicating Russian state-sponsored actors were targeting network Infrastructure devices worldwide. The FBI has high confidence that Russian state-sponsored cyber actors are using the compromised routers to conduct man-in-the-middle attacks to support espionage, extract intellectual property, maintain persistent access to victim networks, and potentially lay a foundation for future offensive operations.

In addition, on March 23, 2018, the FBI announced the indictment of nine Iranians working on behalf of the Iran’s Islamic Revolutionary Guard Corps (IRGC) at the Mabna Institute in Iran. It is alleged these individuals used cyber tactics to steal data from 144 U.S.-based universities and 176 universities based in foreign countries. The FBI also issued a technical FLASH bulletin in relation to this cyber threat. The defendants targeted data across all academic disciplines including medical research. This cyber threat and the stolen information may have serious implications across all critical infrastructure sectors, including the health care field and locations where sensitive medical research is being conducted.

These cases serve as a reminder that all organizations must remain vigilant and ensure the proper cybersecurity procedures and controls are in place and practiced. While the stolen information may not retrievable, steps can be taken to mitigate the Mabna threat and other nation-state-sponsored cyber threats to academic medical centers, hospitals and health systems. This will help safeguard medical research and, most importantly, protect patients. Some of these mitigating procedures include:

  • Using lengthy, complex passwords
  • Limiting online contact information and presence, including social media presence of those organizations and individuals involved in conducting sensitive academic or medical research
  • Using multi-factor authentication for both work and personal email, remote network access and sensitive data base access
  • Using a separate public facing email, which is in no way similar in structure or connected to your internal organizational email—for those individuals involved in sensitive research who must have a public presence
  • Considering the practice of storing IP in network segmented, limited and monitored access, encrypted data bases
  • Knowing who else has access to and stores your IP—such as business associates, other researchers, vendors and law firms
  • Encrypting sensitive data at rest and in transit
  • Refraining from storing sensitive data and research via email
  • Having efficient and effective cybersecurity logging and incident alert capabilities
  • Refraining from clicking on a suspicious or unexpected email or link
  • Reviewing the included link to the FBI FLASH Bulletin for additional preventive measures recommended by the FBI

Adversarial nation states, like Iran and Russia, will continue to aggressively and broadly use cyber tactics and malware to steal sensitive intellectual property from the United States – targeting our government, private sector and academic community. By being vigilant and proactive, we can all play a part in preventing cyberattacks, which may threaten public health and safety, national security and economic security.

Related News Articles

Headline
Agencies issue joint report on memory safety vulnerabilities in open source projects
A joint report released June 26 by the Cybersecurity and Infrastructure Security Agency, FBI, the Australian Cyber Security Centre and Canadian Centre for…
Headline
Bulletin alerts health sector to cyberthreat exploits on TeamViewer
The Health Information Sharing and Analysis Center June 27 issued a threat bulletin alerting the health sector to active cyberthreats exploiting TeamViewer. H-…
Headline
FBI, HHS issue advisory on cyberthreat actors targeting health care to divert payments
The FBI and Department of Health and Human Services June 24 released an advisory about cyberthreat actors targeting health care organizations in attempts to…
Headline
HHS alerts health sector to cyberthreat from Qilin ransomware group 
The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) this week released an advisory about Qilin, formerly "Agenda…
Headline
Change Healthcare begins notifying customers with compromised patient data following cyberattack 
Change Healthcare June 20 began notifying health care providers and other customers with patient data stolen following February’s cyberattack, the company…
Headline
CMS to close program addressing Medicare funding issues resulting from Change Healthcare cyberattack 
The Centers for Medicare & Medicaid Services June 17 announced it will close its accelerated and advance payment program July 12 for Medicare providers and…