
Over the last three months, the information systems of at least four US healthcare organizations have been targeted by Russian cyberattacks. On August 24, 2022, the Health Sector Cybersecurity Coordination Center (HC3) cautioned that hackers known as the Karakurt gang were focused on the healthcare industry. The gang has links to the well-known Russian ransomware group, Conti.
The HC3 report recommends that the Public Healthcare Sector swiftly apply cyberattack prevention measures to intercept unwanted intrusions into their information systems. These Russian cyber threats were made known in March when President Biden issued a statement identifying the immediate danger of Russian-backed hackers.
Russian Ransomware Demands
The Russian cyberattack group, the Karakurt gang, appeared less than a year ago. They specialize in stealing data and demanding payment, or the data will be sold on the dark web or released publicly. They demand payment in Bitcoin, with ransoms ranging from $25,000 to $13 million. Typically, the deadline for payment is only one week after the Russian ransomware hackers make their demands known.
One of the most recent victims of this Russian ransomware is Methodist McKinney (Texas) Hospital. On August 19, 2022, the Russian ransomware group contacted the hospital to inform management that they had captured confidential information and were ready to release it into the public domain. The group had stolen 360 gigabytes of information, including financial data, protected patient information, contracts, social security numbers, and confidential financial documents.
Healthcare Organizations & Russian Cyberattacks
Russian cyberattacks often access information systems using compromised user identities. In response to the increase in Russian ransomware attacks, the Cybersecurity and Infrastructure Security Agency and the NIST Cybersecurity Framework offer advice on prevention, mitigation, and recovery from Russian as well as other cyberattacks.
Cybersecurity recommendations stemming from this and previous security attacks include:
- Employees only get access to the information needed to do their jobs.
- Using strong passwords and dual authentication.
- Emails with links to external websites can also be problematic. The links should be disabled and employees educated on the dangers of external links.
- When employees leave a company, offboarding procedures to close all access to passwords must be swift.
- The organization should have contingency plans in case of any cyberattacks, including Russian cyberattacks.
If a provider or provider group is unaware of these issues, the time to get informed is now.

Your title implies the attacks are by the Russian Government but a closer read seems to say it is a private criminal group. If a private criminal group in the US attacks a company in a foreign country would you title that America cyberattacks France? You have lost credibility with me since you seem to prey on the current anti-Russian sentiment.
Pat, It seems that you feel misled by the title of the Russian cyberattack article. From our corporate headquarters in San Diego, we did not aim to imply that any particular party is behind Russian cyberattacks. All we can do is publish the news, which is non-specific about the Russian government’s involvement. For example, on the US government’s Cybersecurity and Infrastructure Security Agency’s website, the following statement opens their home page:
“Russia’s invasion of Ukraine could impact organizations both within and beyond the region, to include malicious cyber activity against the U.S. homeland, including as a response to the unprecedented economic costs imposed on Russia by the U.S. and our allies and partners. Evolving intelligence indicates that the Russian Government is exploring options for potential cyberattacks. Every organization—large and small—must be prepared to respond to disruptive cyber incidents. As the nation’s cyber defense agency, CISA stands ready to help organizations prepare for, respond to, and mitigate the impact of cyberattacks. When cyber incidents are reported quickly, we can use this information to render assistance and as warning to prevent other organizations and entities from falling victim to a similar attack.”
Another trusted cybersecurity source published an article earlier this year titled: Expert Backgrounder: NATO Response Options to Potential Russia Cyber Attacks:
“Over recent weeks, concern has been expressed that Russia might launch hostile cyber operations against the United States and other NATO members in parallel with a military campaign against Ukraine. That military campaign is now fully underway. This article examines how the feared Russian cyber operations would be characterized under international law and outlines the response options open to States targeted by them. The analysis is, among other things, a cautionary note to those who would too readily jump to describing such Russian operations as an “attack” that triggers the alliance’s collective self-defense mechanism. It is important to sort through the more likely scenarios of Russian-led activity below that threshold, as well as if that threshold is crossed. And it’s important to comprehend how the legal framework applies to Russian use of non-state actors to carry out such operations. All this and more in the analysis that follows.”
~~
TBHI offers our readers the best quality journalism possible within our resources. I apologize if the titling of our article led you to conclude that we are attempting to engage in deception rather than to correctly portray the facts as we truly understand them. In the future, we plan to use the term “Russian Cyberattacks” in much the same way as these trusted sources if more relevant news emerges. We urge all our readers to exercise discretion when interpreting our news for making decisions about their individual circumstances.