America's health system at risk from cyberattack, senators warn

"These hacking attempts pose an alarming risk of disrupting or undermining our public health response at this time of crisis."

People pose in front of a display showing the word 'cyber' in binary code, in this picture illustration taken in Zenica (photo credit: DADO RUVIC/REUTERS)
People pose in front of a display showing the word 'cyber' in binary code, in this picture illustration taken in Zenica
(photo credit: DADO RUVIC/REUTERS)
The targeting of US public health institutions by North Korean, Russian and Iranian hackers has prompted five senators to write to senior cybersecurity personnel to ask them to put in place a range of protective measures during the coronavirus pandemic.
Last week, senators Richard Blumenthal, Mark Warner, Edward Markey, Tom Cotton and David Perdue have penned a joint letter to Christopher Krebs, director of the Cybersecurity and Infrastructure Security Agency at the US Department of Homeland Security, and Gen. Paul M. Nakasone, commander of the US Cyber Command, requesting that the two security experts put in place a range of measures designed to raise awareness of the threat of cyberattacks, and to prevent such attacks from taking place.
"In recent weeks, Russian, Chinese, Iranian, and North Korean hacking operations have targeted the healthcare sector and used the coronavirus as a lure in their campaigns," the senators wrote. "These hacking attempts pose an alarming risk of disrupting or undermining our public health response at this time of crisis."
In January, an Israeli-led cybersecurity firm based in the US told The Jerusalem Post that healthcare had already “separated from the pack and is, by a wide margin, the most cyber-targeted industry.”
Elad Luz, head of research at CyberMDX said that the healthcare industry “plays host to roughly 70% of all US data breaches.
"The more sophisticated the attack, the stronger the apparent preference for targeting healthcare organizations," he said. "For example, nearly 80% of ransom-ware attacks target healthcare.” Cyber insecurity cost the healthcare industry an estimated $4 billion in 2019, he added.
To illustrate their concerns, the senators highlighted a hacking campaign carried out by a Chinese hacking group, APT41 in March.
"According to researchers, APT41 is a sophisticated Chinese state-sponsored group that specializes in espionage against healthcare, hi-tech and political interests," they wrote. "This latest campaign sought to exploit several recent vulnerabilities in commonplace networking equipment, cloud software, and office IT management tools – the same systems that we are now more reliant on for telework and telehealth during this pandemic."
Among the hackers' targets were pharmaceutical and healthcare companies and nonprofits which are currently working to respond to the challenges raised by COVID-19.
"APT41’s campaign also appears to reflect a broader escalation from Chinese groups in recent weeks," the senators added, without going in to detail.
In addition to cybersecurity challenges, Russian, Iranian and Chinese electronic disinformation campaigns have also been detected by the State Department, further undermining America's fight against coronavirus.
America's healthcare system, which is now heavily reliant on data systems such as email, electronic records, and internal networks which are often using outdated hardware and software, were already vulnerable to attack before the pandemic started, but the threat has stepped up as America, like the rest of the world, took on the added challenge of COVID-19.
"Disinformation, disabled computers and disrupted communications due to ransomware, denial of service attacks and intrusions means critical lost time and diverted resources," the senators wrote. "During this moment of national crisis, the cybersecurity and digital resilience of our healthcare, public health and research sectors are literally matters of life-or-death."
Consequently, the senators have asked for a range of measures to be put in place by the Cybersecurity and Infrastructure Security Agency and Cyber Command, as the frontline organizations protecting the health infrastructure from cybersecurity threats.
The measures include: providing intelligence information on the threats posed, both to private and public institutions, by malware and ransomware technologies, among others; coordinating with other departments to increase public awareness of the threat; considering issuing public statements on the resources and information required to effectively protect against attacks; and the provision of threat assessments, resources and guidance to the National Guard.
"We stand ready to work with you to provide any further resources necessary in this effort," the senators conclude.
In mid-April, the Czech Republic warned international allies of an imminent wave of disruptive cyberattacks against hospitals and health infrastructure.
The information we have available has led us to a reasonable fear of a real threat of serious cyberattacks on major targets in the Czech Republic, especially on healthcare systems," said NUKIB director Karel Rehka. The cybersecurity watchdog said a "preparatory phase" was already underway, with attackers using malicious emails in a "spear phishing" campaign.
Such attacks are rare but have previously knocked out companies, paralyzed government agencies, and – in the case of a 2017 attack centered on Ukraine – hobbled an entire country.
Ilanit Chernik and Reuters contributed to this report.