Russia’s invasion of Ukraine has the potential for trickle-down impacts on U.S. hospitals in the form of cybersecurity attacks. 

While there have been no specific cyber threats to the U.S. to date from the invasion, Russia’s attack on Ukraine — which has involved cyberattacks on Ukraine’s government and critical infrastructure organizations — may impact organizations beyond the region, the national Cybersecurity and Infrastructure Security Agency (CISA) said. 

“Every organization — large and small — must be prepared to respond to disruptive cyber activity,” the agency said. Its Shields Up website includes a catalog of free services to help organizations reduce the likelihood of a damaging cyberattack and ensure they are well prepared if an intrusion occurs. It also contains suggestions for corporate leaders and CEOs and a guide to handle responses to ransomware attacks. 

Journalists could find interesting stories by interviewing hospitals about what they are doing to protect their staff and patients, or cybersecurity firms on tips to implement.

The American Hospital Association warned its nearly 5,000 members to increase their defenses against potential Russian attacks and consider blocking internet traffic to and from Russia and Ukraine, John Riggi, the organization’s national adviser for cybersecurity and risk, told Politico.   

“Our organizations are continuously being probed and scanned from Russia, China, Iran and North Korea thousands of times a day, literally, whether it’s a small critical access hospital or the largest systems,” he said in the news article.

Riggi will be a panelist at AHCJ’s upcoming Health Journalism conference in Austin, speaking about hospital ransomware attacks and what hospitals can do. The session will be held from 4:40-6:00 p.m. on Saturday, April 30.

In a cybersecurity advisory released February 23, the AHA mentioned three concerning scenarios for hospitals and health systems: being targeted directly by Russian-sponsored cyber actors; becoming incidental victims of Russian-deployed malware, or destructive ransomware to penetrate U.S. health care facilities, and disrupting hospitals’ mission-critical service providers. Malware is software designed to gain unauthorized access to computer systems and cause disruption.

“Whenever there is a conflict related to Russia, you should expect to see force applied on the cyber domain as well because it creates disorientation, lack of trust and fear,” Ariel Parnes, COO and co-founder of cybersecurity company Mitiga told the online publication TechRepublic. 

The types of attacks that could occur across sectors such as health care include a distributed denial of service (DDoS) attack (where an attacker floods the server with internet traffic that prevents users from accessing services), phishing scams (such as emails that appear legitimate inducing users to click on a link or provide passwords or personal information), and activation of persistent malware, the article said.

There are many reasons why even small businesses could be threatened, according to an article in PC magazine. Ransomware attacks may increase as groups seek to offset losses from Russia’s damaged economy. Attackers may try to exploit weaknesses in health system security to gain sensitive information about patients or might try to compromise laptop computers of employees working remotely to gain access to hospital networks.

In response, three cybersecurity companies—CrowdStrike, Ping Identity, and Cloudflare —announced they are offering their services for free for a few months to organizations thought to be most at risk, including hospitals and electricity and water utilities companies, the Washington Post reported. CISA also offered recommendations for individuals given the current climate: 

• Add a second layer of identification on your accounts, like a confirmation text message, face identification or code from an authentication mobile app. 
• Update your software and allow automatic updates.
• Think before you click on any potentially suspicious email or webpage.
• Use strong passwords.

Meanwhile, in other cybersecurity news that could inform your reporting:

• The U.S. Senate on March 1 passed legislation that would mandate critical infrastructure including health care entities and federal civilian agencies to report any cyberattacks or ransomware payments to the government within 24-72 hours, Healthcare IT News reported. The Strengthening American Cybersecurity Act, sponsored by Sen. Gary Peters (D-Mich.) moved to the House of Representatives for consideration.
• The White House on March 2 sent a request to Congress asking for $32.5 billion in emergency funding to aid Ukrainian cyber defenses and bolster the FBI’s response to cyber threats stemming from the Russian threat and war on Ukraine, the Washington Post reported.
• The Department of Health and Human Services released a report on March 3 summarizing health sector cybersecurity for 2021 and giving a look ahead for 2022. The document offers a history of notable cybersecurity events in hospitals through 2021 and can be a good reference for reporting on such incidents. The average ransom payment was more than $322,000 in the fourth quarter of 2021, up 130% from the third quarter.

Additional resources

• Ukraine conflict signals a more dangerous cyberspace – an article from the Washington Post.
• Could Russian Hackers Cripple U.S. Health Care Systems?- an article from HealthDay.
• Cybersecurity & Infrastructure Security Agency’s  Shields Up – a resource that guides organizations on reducing the likelihood of cyberattacks, and how to quickly detect and manage intrusions.
• How Russia’s invasion of Ukraine will affect your cybersecurity – an article from TechRepublic.
• Russia-Ukraine escalation means shields up at U.S. hospitals – an article from Politico. 
• Russia’s Ukraine Invasion: Could It Be a Cybersecurity Threat to Your Business? – article from PC magazine.
• Health Sector Cybersecurity: 2021 Retrospective and 2022 Look Ahead – a report from HHS with a history of key cybersecurity incidents in hospitals.
• Cyber threats ahead for 2022 – a video interview between HIMSS TV and Errol Weiss, chief security officer at the Health Information Sharing and Analysis Center (H-ISAC).