Watch Out for Cyberattacks Following Russia's Invasion of Ukraine

— American Hospital Association is advising leaders and staff to remain vigilant

by Jennifer Henderson, Enterprise & Investigative Writer, MedPage Today February 25, 2022

A photo of a man in a hooded sweatshirt typing at a laptop in front of the Russian flag overlaid with number and symbols.

As the U.S. government responds to Russia's invasion of Ukraine with economic and military sanctions, the American Hospital Association (AHA) is telling health systems to keep their guard up for retaliatory cyberattacks.

Specifically, there are three concerns: that hospitals and health systems may be targeted directly by Russian-sponsored cyber actors; that hospitals and health systems may become incidental victims of Russian-deployed malware or destructive ransomware; and that a cyberattack could disrupt hospitals' services.

"AHA's concerns are heightened by the Russian military's previous behavior of utilizing cyber weapons in support of military actions against Ukraine ... The malware was initially launched against Ukraine and subsequently spread globally, disrupting operations at a major U.S. pharmaceutical company, a major U.S. health care communications company and U.S. hospitals," the AHA stated in an advisory.

Last week, the federal Cybersecurity and Infrastructure Security Agency issued a warning to all U.S. organizations, regardless of size.

Yet the healthcare sector is no stranger to targeted cyberattacks.

Since 2018, the Ryuk ransomware attack has wreaked havoc on at least 235 hospitals and inpatient psychiatric facilities as well as dozens of other healthcare facilities. The result: suspended surgeries, delayed medical care, and the loss of millions of dollars, the Wall Street Journal reported last June.

A 2021 ransomware attack on Scripps Health of San Diego counts among other recent cyber threats to U.S. hospitals.

"We are on alert based on FBI and other alerts for additional cyberattacks on U.S. infrastructure, especially health and government infrastructure," said Chris Van Gorder, president and CEO of Scripps Health, in response to AHA's new advisory.

"This is a national issue -- not company issue -- and we hope the government will take these attacks as terrorist attacks on the country and not just hacker attacks," he told MedPage Today.

To help alleviate current threats, the AHA recommended that hospitals and health systems review federal guidance on risk mitigation procedures -- including increased network monitoring for unusual traffic or activity -- as well as increase staff awareness of the greater risk for receiving malware-laden phishing emails.

The AHA further urged geo-fencing for all inbound and outbound traffic originating from, and related to, Ukraine and its surrounding region, as well as identifying all internal and third-party mission-critical clinical and operational services and technology. For the latter, hospitals and health systems should implement 4- to 6-week business continuity plans and well-practiced downtime procedures, the AHA said.

It also recommended checking network and data backups, and making sure that multiple copies exist -- off-line, network segmented, on-premises, and in the cloud, with at least one immutable copy.

Jennifer Henderson joined MedPage Today as an enterprise and investigative writer in Jan. 2021. She has covered the healthcare industry in NYC, life sciences and the business of law, among other areas.