Evolving Cyber Threats in Healthcare: Preparing for Geopolitical Risks
Current threats against critical infrastructure, including healthcare organizations, are evolving beyond ransom demands toward creating disruption and chaos. This emerging threat requires a new level of preparedness from healthcare organizations, as evidenced by a recent incident involving the pro-Iranian hacktivist group Handala. The group reportedly impacted over 200,000 systems connected to Stryker's device management environment, highlighting vulnerabilities that extend beyond financial motivations.
For years, healthcare cybersecurity strategies have focused primarily on combating ransomware. These tactics included securing endpoints, backing up data, and implementing recovery plans. However, such approaches do not fully address the strategies of geopolitically motivated attackers, who often use destructive malware and data-wiping attacks. Their aim is not financial gain but organizational paralysis.
Healthcare systems are attractive targets due to the critical nature of continuous functionality and patient safety. Interruptions can delay medical procedures, disrupt medication management, and have immediate public visibility, playing into adversaries' strategies to undermine public trust in vital institutions.
Assessing Third-party Risk and Coordination
The incident involving Stryker underscores the extensive attack surface within healthcare systems. Hospitals depend on a variety of third-party systems, creating vulnerabilities that can allow a cyberattack on one vendor to rapidly impact clinical and operational environments. Healthcare facilities responded with precautionary measures post-incident, emphasizing the need for improved vendor management and security coordination.
Federal initiatives, through documents such as National Security Memorandum 22 and the Cybersecurity and Infrastructure Security Agency's advisories, emphasize integrating cybersecurity across critical infrastructure sectors, including healthcare. They acknowledge the shift toward strategic competition and nation-state cyber activity.
The Health Sector Coordinating Council (HSCC), a partnership between the Department of Health and Human Services and industry stakeholders, plays a key role in enhancing sector-wide defenses. The HSCC plans a national cyber exercise simulating a large-scale attack, aiming to uncover weaknesses and provide organizations with guidance for improvement.
Adapting defenses to address these geopolitical threats involves understanding adversaries' motives, ensuring effective controls, enhancing third-party risk management, and investing in detection and response capabilities. The interconnected nature of the healthcare ecosystem requires a comprehensive cybersecurity approach, recognizing that incidents in any part of the network can affect patient care. Thus, cybersecurity must be seen as both an IT and operational priority.