as a result of the invasion of Ukraine and the U.S. and Western countermeasures against the aggressor nation.
The day after President Biden announced that the war had begun, the American Hospital Association (AHA) issued an alert to hospitals. The cybersecurity division of the Department of Health and Human Services (HHS), known as HC3, joined AHA with another public warning to the healthcare system on March 1. The federal government’s Cybersecurity & Infrastructure Security Agency (CISA) issued a “Shields Up” alert to private industry, supporting Biden’s March 21 statement about the need to improve domestic cybersecurity.
CISA warned that the Russian invasion of Ukraine could lead to “malicious cyber activity against the U.S. homeland, including as a response to the unprecedented economic costs imposed on Russia by the U.S. and our allies and partners.” The agency noted that the Russian government is currently exploring options for cyberattacks.
John Riggi, the AHA’s national advisor for cybersecurity and risk, and a former senior executive in the FBI’s cyber division, said in an interview, “We are not aware of any cyberattacks related to the current conflict [in Ukraine]. We don’t know of any specific credible threats targeted against U.S. healthcare from the Russian government.”
He added that there have been reports of Russian hackers searching U.S. health IT security systems for weaknesses.
Criminal gangs remain a threat
Besides the Russian government, Mr. Riggi said, Russian criminal gangs are another threat to U.S. hospitals and other healthcare providers. Of particular concern, he noted, is the Conti gang, which “has a history of conducting ransomware attacks against U.S. healthcare and the Irish health system.”
On February 25, said Mr. Riggi, the Conti group announced plans “to retaliate against the West for what they viewed as potential cyber aggression by the West against the Russian Federation.”
Sophisticated hacker groups like the Conti gang that operate under the protection of the Russian government have “caused the greatest amount of disruption and have cost the most in terms of recovery and lost business,” Mac McMillan, CEO of CynergisTek, a cybersecurity consulting firm, told this news organization.
However, he said, the current threat is greater for two reasons: first, it will likely come directly from the Russian military intelligence service; and second, there are indications that the malware will be more destructive than ransomware. Two new types of malware identified by HC3 — HermeticWiper and WhisperGate — are designed to wipe out the data in their targets’ systems, rather than just encrypting it and disrupting access to data until a ransom is paid.
The Russian military intelligence service, known as the GRU, is extremely capable and dangerous, Mr. McMillan said. He doubts that many healthcare systems, even if they are fairly well prepared, could withstand an attack from this source. And he fully believes that the attack, when it comes, will aim to wipe out data in victims’ systems in order to create as much chaos and disruption as possible in the United States.