A group of Senators belonging to two parties wrote to the Cybersecurity and Infrastructure Security Agency (CISA) of the Department of Homeland Security and U.S. Cyber Command asking for healthcare care-specific cybersecurity advice on how to manage coronavirus and COVID-19-associated risks.
Richard Blumenthal, (D-CT), Tom Cotton (R-AR), Mark Warner (D-VA), Edward J. Markey (D-MA) and David Perdue (R-GA) composed the letter because of the increasing cyber espionage and cybercriminal activity directed at the medical care, public health, and research industries all through the COVID-19 outbreak.
The letter mentioned a report published by the cybersecurity company FireEye which pointed out that the Chinese hacking group, APT41, was conducting an important campaign, directed at the healthcare segment. The hacking group is taking advantage of vulnerabilities in networking devices, cloud application and IT management solutions to access healthcare networks – identical systems that are currently being employed by telecommuting employees for giving telehealth at the time of the outbreak. A number of other threat groups having a connection to China have likewise increased their attacks on U.S targets using COVID-19-themed campaigns.
Threat actors from Russia, North Korea and Iran are also doing attacks on international health institutions and public health organizations of U.S. allies. There were a number of false campaigns linked to Russia, China and Iran in an attempt to divert the response of the U.S. to the COVID-19 pandemic.
The healthcare sector already has difficulties protecting against attacks from nation-state threat groups and cybercriminal gangs prior to the SARS-CoV-2 pandemic. Medical providers are now stressed and pressured because of the COVID-19 pandemic and the condition is critical now. In the event that the cyberattacks become successful, there is a big risk of public health response disruption.
Hospitals depend on electronic information like electronic medical records, email communications, and internal networks. Many still use legacy equipment. Any attack can bring about disruption, diversion of resources, and loss of critical time. Even a somewhat minor attack can bring about big disruption. One example is the attack on the Department of Health and Human Services. It was a rather minor technical problem with email, yet it hampered the work of the HHS in organizing the federal government’s service. In case of a ransomware attack, EHRs can be taken out of action causing disruption and potentially grave consequences.
The Senators have asked the two agencies to employ the expertise and assets that were created to fight against these risks and to take the required steps to safeguard the healthcare sector for the duration of the coronavirus pandemic.
The Senators have asked public and private cyber threat intelligence like indicators of compromise from attacks on the medical care, public health, and research industries to be extensively shared to support network defenders prevent the attacks. They have likewise asked the agencies to organize with the HHS, Federal Bureau of Investigation (FBI) and Federal Trade Commission (FTC) to help raise awareness of cybercrime, cyberespionage, and fake information campaigns.
The Senators have requested to provide the National Guard Bureau with threat testing, resources, and extra guidance to help employees working with state public health departments and local emergency management agencies to make sure they have the facts they require to guard critical infrastructure against cybersecurity breaches.
The agencies were asked to speak with partners in the private medical care, public health, and research industries about the resources and data required to enhance protection against attacks, including vulnerability recognition tools and threat hunting.
To stop the fake information campaigns that are being done, the Senators told the agencies to think about giving public statements, the same as the joint statement given regarding election interference on March 2.
Lastly, they told the agencies to assess further required steps to detect and prevent attempts to intrude, manipulate, and meddle with medical care, public health, and research industries.