The Russia-Ukraine Conflict: Preparing Your Medical Practice for Cyber Attacks

After Russia invaded Ukraine, the US and European organizations could be subjected to “spillover attacks” or retaliatory strikes. Healthcare, one of the most lucrative industries, is no doubt a potential target.

With this, the American Hospital Association (AHA) warns hospitals to be alert for cyber attacks on healthcare systems.

Since the US government and the North Atlantic Treaty Organization (NATO) allies launched economic and military sanctions in response to Russia's actions, it's possible that Russia may retaliate with disruptive cyber attacks to advance its destructive agenda.

According to the AHA, Russia has previously launched cyber attacks against Ukraine to interfere with communications networks, financial services, and power systems. Additionally, previous Russian cyber operations against Ukraine caused collateral damage to US healthcare systems, leading to US indictments for NotPetya malware.

Given these actions, it’s possible that Russia will use cyber attacks again to target its political opponents.

As part of its Shields Up advisory, the Cybersecurity and Infrastructure Security Agency (CISA) urged public and private sectors to improve cybersecurity measures regardless of size. The agency encourages all industries to strengthen their cybersecurity and protect their most valuable assets, which in your practice would be your patients' health records.

What Russian Hackers Could Potentially Harm

There are three concerns about cyber threats originating from Russia in the healthcare sector, according to the AHA:

• First, a cyber attack could disrupt hospitals' mission-critical services.
• Second, Russian-backed cybercriminals may deliberately attack healthcare systems.
• Finally, Russian malware or destructive ransomware may inadvertently infect U.S. hospitals and health systems, causing incidental harm or collateral damage.

What Your Medical Practice Can Do RIGHT NOW

Per the AHA's recommendations, ER Tech Pros offers tips for ensuring the security of your clinic.

Update Core Internet-based Applications

In a world where devices are ever more connected, the business world has shifted from owning physical office space to adopting a cloud-based infrastructure. As a result, Internet-connected applications are now just as integral to business operations as computers. 

Yet, software update cycles can be delayed and patches are slow to roll out to users because there are many different devices.

Don't delay updating your core internet-based applications. Patch any device connected to the internet anywhere, in any manner. If a tool is involved in your traffic, communications, or remote business operations, it’s even more important to patch it.

Your IT and Cybersecurity Staff Must Stay Vigilant 24/7

Make sure your IT team understands exactly how to navigate this murky territory. If you're lucky enough, you have reliable experts with years of healthcare IT experience. They would know how hackers think and what they're targeting.

You may suffer devastating effects if Russian hackers target US healthcare organizations. You’ll be left having to deal with lawsuits as well as a tarnished public image, and your patients will likely leave you for another provider.

IT and cybersecurity teams in healthcare organizations need to stay alert in light of all this information, if at all possible, around the clock. They should also take responsibility for monitoring your firewalls across all your devices.

C-Level Executives Must Also Be Made Aware of Cyber Risks

Many large companies have complicated issues that are difficult to convey to their executives quickly. If you have a large organization, it's essential to disseminate critical information well.

Most C-level executives are difficult to reach and don't have time to read long reports. They only read the headlines and skim through information to get a general idea. This can negatively impact their ability to make informed decisions and lead their company.

Keeping an organization safe should be the highest priority for C-level executives during times like these. Cybersecurity is one of the top risks that any company faces in today's world, and it's not just for IT teams. 

Senior executives must work closely with their IT staff to secure their organization against cyber attacks. It also goes without saying that IT and cybersecurity staff need to be excellent communicators.

Clinic Staff Should Use Caution When Online

Urge your clinic staff to be on guard against emails, texts, instant messages, and other forms of communication that could contain malware.

This is where their cybersecurity training will come in handy. When your medical staff is trained with realistic phishing exercises, they'll be able to distinguish safe messages from unsafe ones, protecting themselves from cybercriminals' varying means of attack.

Make Sure Backups and Disaster Recovery Are in Place

AHA recommends that you make a list of your essential clinical and operational services and technologies. You should have an extended business continuity plan and well-defined downtime procedures in case they get compromised. Create a scenario planning process for each component of your entire system.

Organizations should also maintain reliable data backups in the cloud and reevaluate their security protocols to ensure cyber resilience. In the cloud, your data is protected from potential catastrophes that could destroy your locally stored data.

Upgrade Out-of-Date Hardware and Software

While you may not be directly targeted, you could still become collateral damage as geopolitical tensions escalate.

Upgrade out-of-date hardware and software to stay protected against the latest cyber threats. Expect the Russian cybercriminals to use their most advanced techniques to attack a range of targets, including the medical sector.

Technology is advancing at an exponential rate, and it is getting harder to stay updated on the latest developments. It's impossible to stay ahead of the latest cyber security threats when your technology is obsolete.

Cyberwarfare is on the rise due to what may be the biggest international conflict in recent years. As a result, upgrading your computers and software is now an essential part of enhancing your clinic’s cybersecurity.

Establish Reliable Communication Lines

Many medical practices are severely underprepared to handle a cyber attack. If your clinic falls prey to Russian-sponsored hackers, its communication lines may also be compromised.

In the event of a crisis, go over how information will be shared between teams, employees, and patients. Clear communications should be maintained among team members so operations can continue running smoothly without compromising security.

Be Prepared to Handle the Worst

Nobody wants to become the victim of a cyber attack, just like no one wants to endure the consequences of war. Nonetheless, we should be proactive and prepared for any eventuality.

At this time, we don't intend to take a political stance, rather we hope to raise awareness about the healthcare cybersecurity implications of this crisis. 

Our thoughts and prayers are with those affected by this conflict. As healthcare professionals, we play a vital role in saving lives. This includes protecting our health systems.

Time is of great importance right now. The Russia-Ukraine crisis is evolving quickly, making it challenging to stay up to date on cyber threats and respond accordingly. To get help with all of these, reach out to our cybersecurity experts now.