Healthcare systems around the world have only just managed to defeat one of the greatest medical crises in modern history, the COVID-19 pandemic. However, just as policymakers and healthcare managers were preparing to return to normalcy after resolving what they believed to be the final issues of the crisis, a new problem emerged. As Vladimir Putin’s Russia invaded the neighboring country of Ukraine, people in Europe and around the world started to worry about the prospect of a new war. The growing fear of a wider war between Russia and the West, which is known to support Ukraine, is now more real than ever. And so are cyber risks facing the US healthcare sector.
Unlike the military concepts that once fueled the battles of the past, modern warfare is a collection of many elements, often bolstered by new technologies and hybrid tactics. Cyberattacks are a significant component of these, and the current crisis in Ukraine demonstrates just how complicated things can become during a modern geopolitical crisis. According to the Cybersecurity and Infrastructure Security Agency, Russia’s actions against Ukraine could impact actors both within and beyond the region, including US hospitals and institutions.
How US hospitals could be impacted
According to Healthcare Dive, over the last few decades, US hospitals experienced a period of systemic underfunding in their cybersecurity infrastructures. Moreover, the COVID-19 pandemic has had an impact on how hospitals and other healthcare institutions across America work, putting even more pressure on their infrastructures as numerous resources were diverted to patient care. These added pressures may now be creating “this perfect storm,” Mac McMillan, CEO of IT consultancy CynergisTek, said. Hospitals may be in danger of becoming targets for major cyberattacks related to Russia’s unprovoked invasion of Ukraine and its numerous consequences.
Cyberattacks are not only related to cybercrime but also appear as a consequence of cyber warfare or cyberterrorism. It comes as no surprise that the Department of Health and Human Services remains “proactive and vigilant”, despite the fact that no specific threat to the US Healthcare and Public Health (HPH) Sector has been identified. Nonetheless, concerns are growing as Russia remains not only one of the world’s most capable cyber powers, but also one known to have previously been hostile to America. During the Moonlight Maze attacks against the US Department of Defense in the 1990s, actors believed to have ties to the Russian government may have orchestrated a series of advanced cyberattacks.
Preparing for the worst
Although most people in the US and other Western countries hope that Russia’s invasion of Ukraine will end soon without escalation into a larger conflict, cyberattack preparations remain critical for the US Healthcare Sector and many other industries. In response to the massive economic sanctions imposed by America and other Western countries, the Biden Administration has issued numerous warnings about the possibility of Russia participating in malicious cyberattacks against the US. Moreover, according to the White House, intelligence reports seem to indicate that Russia may be exploring options for future cyberattacks.
Strengthening cybersecurity is important now more than ever, according to the statement above, as the US needs to prepare for future threats. As the Biden Administration announced that modernizing cyber defenses and improving technological security are now top priorities, Lisa Pino, Director of Office for Civil Rights (OCR) has also issued a statement about the future improvement of cybersecurity in healthcare. “Prioritizing cyber security and patient privacy is of the utmost concern,” Pino says, as she points out that recent IT incidents have disrupted multiple government agencies, as well as US companies, and even supply chains for basic goods.
Hoping for the best
US healthcare providers have also faced numerous IT challenges in 2021, as malevolent actors took advantage of the immediate need to respond to the COVID-19 pandemic. Hospitals and healthcare organizations in the US and abroad had to postpone surgeries and exams, for instance, because IT systems were down as a result. Criminal organizations, state actors, and private persons have all taken advantage of the healthcare crisis to launch these cyberattacks, and there is reason to believe they will do so again now, amid a geopolitical crisis. However, one key fact makes all the difference when it comes to future cyber risks facing the US healthcare sector – while the Biden Administration hopes for the best, it is also better prepared for the worst.
