Cyber Hygiene, Collaboration, and Preparedness: Keys to Resilience for a Healthcare Under Threat

By Klara Jordan

The cost of exploitation of vulnerable information and communications technology (ICT) systems is always high, but perhaps there is nothing higher than the potential human cost caused by cyberattacks on healthcare systems.

That is why the Global Cyber Alliance (GCA) is supporting and contributing to the Cyber4Healthcare initiative orchestrated by the CyberPeace Institute (CPI). The initiative connects healthcare organisations in need of cybersecurity advice and resources with a range of actors willing to offer cybersecurity assistance services free of charge.

For years, various threat reports have indicated that the healthcare sector is a prime target for ransomware attacks.

The healthcare community got its first serious taste of the potential effect of cyberattacks on its ability to operate during the May 2017 global ransomware attack known as WannaCry. A security researcher activated a kill switch in the evening of the same day the attack started, causing WannaCry to stop locking devices relatively early. Despite the rapid intervention, according to NHS England the WannaCry ransomware affected at least 80 out of the 236 trusts across England, either because they were infected by the ransomware or turned off their devices or systems as a precaution. A further 603 primary care and other NHS organisations were also infected.

There are several recent examples of this trend, putting additional strain on a system already pushed to its limits by the COVID-19 pandemic. In the past couple of months, hospitals, testing and medical facilities, government health agencies, and even the World Health Organization (WHO) have fallen victim to cyber operations with varying degrees of impact.

Research organisations and law enforcement agencies have confirmed the negative trajectory of the trend of exploiting the current pandemic by nation state actors and criminals. Nation state actors exploit the crisis to further their national security and foreign policy goals. According to Google researchers, they are increasingly using the pandemic as cover for digital reconnaissance and espionage.

Criminals profit from the COVID-19 pandemic by using social engineering attacks themed around the pandemic to distribute malware that spreads ransomware and unleashes ransom demands with unprecedented speed. Fraud schemes mercilessly exploit the anxiety and fear of victims, and the cost has already reached millions of dollars.

We will never know what the impact will be on individuals’ health when thousands of appointments and operations are cancelled and patients have to travel farther to accident and emergency departments because of WannaCry or other current cyberattacks, but this sample allows us to appreciate the potential impact of these types of incidents.

However, focused action, both at the strategic and the tactical level, can prevent harm to individuals as a consequence of cyberattacks.

At the strategic level, governments, international leaders, and international law experts have intensified efforts to curtail attacks on the healthcare sector.

For example, the Netherlands leads the UN’s efforts and recommends that countries include the healthcare sector on a list of critical infrastructure entities that states should not conduct or support cyber activities with. On 26 May, more than 40 former and current international leaders called on the world’s governments to take collective action to prevent and stop cyberattacks that target the healthcare sector, including working with civil society and the private sector to protect medical facilities. The International Committee of the Red Cross (ICRC) has been outlining rules which provide protection to the healthcare sector.

Given the urgency of the current crisis and the unrelenting efforts of adversaries, these strategic initiatives must be complemented through action.

CPI’s Cyber4Healthcare initiative positions itself on the tactical and practical level and aims to provide meaningful and timely assistance to hospitals, care facilities, clinics, labs, and clinicians, as well as pharmaceutical sciences, life sciences, and medical device companies that are researching, developing, manufacturing, and providing pandemic-related treatments to nongovernmental organisations (NGOs) and international nongovernmental organisations (INGOs) working to combat COVID-19.

The initiative builds on existing efforts and capabilities of supporting organisations such as Airbus, CybExer Technologies, Rapid7, and Unisys and will serve as a clearing house between requests for assistance and support that these organisations can provide.

GCA’s bias for action, along with our track record of providing practical tools that operationalize cyber hygiene to increase cyber resilience at scale, make us a natural partner for this initiative. We believe that basic cyber hygiene implemented at scale can make a real difference in protecting the healthcare ecosystem.

We will support the initiative by providing our free tools and associated assistance that will allow the organisations in need to:

  • Increase their email security with an easy-to-follow guide to facilitate adoption of DMARC, an email authentication standard that helps protect email domains from spoofers, spammers, and phishing scams. Ransomware attacks — the largest concern of the healthcare sector — often starts with a phishing attack. The goal of this attack is to either steal personally identifiable information (i.e., usernames, passwords, bank or credit card information), to orchestrate fraud (e.g., false wire transfer requests), or to infect systems with malware, such as ransomware or a keylogger. In addition, DMARC helps to prevent attacks in which malicious third parties send harmful emails using a counterfeit address. DMARC stops most email impersonation — by implementing DMARC, domains lower their odds of being spoofed and used for phishing attacks on recipients, which is particularly important given the large number of fraud attempts associated with the pandemic.
  • Protect themselves from accessing known malicious websites through increased DNS security with Quad9. Quad9 provides a dynamic list of sites that protect against the threats of phishing and identity theft scams and malware, ransomware, and command-and-control botnet systems for viruses, worms, and other forms of malicious software. Quad9 is currently seeing a new record-setting rate blocking access to malicious sites an average of 60 million times per day, which represents a 600% year-over-year growth rate. During heavy “storms” of cybercrime activity, this volume has spiked to more than 100 million events per day. This growth relates directly to hackers launching new tools, new phishing campaigns that send out vast amounts of increasingly sophisticated messages, or dormant networks of bots that awaken and try to reach their control systems.
  • Use a suite of basic cyber hygiene tools to raise their overall resilience. GCA’s Cybersecurity Toolkit for Small Business can be used by any organisation that desires to have access to curated free tools to implement cyber hygiene guidance such as the CIS Controls.

The toolkit allows users to:

  • Conduct inventories of devices and applications to ensure small business owners are aware of devices needing protection;
  • Ensure that security settings of devices are automatically updated;
  • Ensure that accounts are protected by strong passwords and two-factor authentication;
  • Access a range of tools that can be used to prevent common attacks and ensure devices are backed up in the event an attack does occur; and
  • Implement policies and recommendations for training employees to understand how to identify and avoid phishing emails.

GCA is looking forward to working with the CyberPeace Institute and its partners to support the healthcare sector and test a new model of collaboration in practical cybersecurity assistance.

The author, Klara Jordan, is the Executive Director, EU and Africa, at the Global Cyber Alliance. You can follow her on Twitter at @JordanKlara or connect with her on LinkedIn.