
H-ISAC Hacking Healthcare 3-31-2020

TLP White: In this edition of Hacking Healthcare, we break down an unexpected Russian crackdown on a cybercrime ring, and why it probably doesn’t signal a sea change in domestic cyber policy. Next, we brief you on a telehealth ICU solution being rushed to the frontlines of the COVID-19 response and why emerging technologies could help with the next global health emergency. Finally, we examine a global group of cybersecurity volunteers as they attempt to bolster healthcare cybersecurity during a rush of malicious activity.

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog (available in the Member Portal).

 

Welcome back to Hacking Healthcare.

 

1. Russia Cracks Down on Fraud Ring:

Where most countries enforce laws and other measures to actively discourage malicious cyber activity, Russia has long had a more complex relationship with hackers and fraudsters. Russian ‘patriotic’ hackers have often been encouraged or co-opted to further nation-state objectives, and cyber criminals with a profit motive are generally left alone so long as they prey on targets outside Russia. All of which makes the sudden arrest of 25 individuals allegedly connected to a network of illicit websites that traffic in stolen credit card and personal data very interesting.

It appears that on March 20th, Russian authorities arrested 25 individuals who had connections to roughly 90 illicit websites. The Russian Federal Security Service did not disclose the names of those arrested, but they did confirm that they were being charged with “circulating illegal means of payment.” One of the individuals allegedly arrested is Alexey Stroganov, a well-known cybercriminal who is notorious within the underground stolen credit card markets.

The action appears to have shuttered at least some of the 90 websites, including BuyBest/GoldenShop, and their secondary infrastructure and mirror pages. Gemini Advisory has estimated that this network “likely generated between $14 million and $20 million USD in revenue.”

While this is a positive development, the rationale behind it is the more curious aspect. Russia has very rarely made a public showing of taking legal action against significant cyber criminals within its borders and routinely expends resources to extradite Russian nationals facing cybercrime charges abroad. The simplest and most likely explanation appears to be that these individuals may have crossed the line by targeting Russian businesses or citizens. However, other theories speculate that it’s an attempt by the Russian state to coerce them into work or a warning shot to other domestic groups to tread carefully.

 

2. Israeli Hospitals Deploy AI Tele-ICU Platform:

The escalation of COVID-19 continues to put more of a strain on limited healthcare resources across the globe. One of the most serious concerns is the lack of protective equipment for frontline caregivers, leading to an increase in infections among those healthcare professionals. Sickened caregivers often need time off to recover or must be quarantined to prevent further infections, which further degrades healthcare services.

In an effort to reduce caregiver exposure and increase the efficiency of limited resources, healthcare organizations are expanding their use of telehealth products. One such solution, predictive analytics platform CLEW’s TeleICU, has been put into service at two Israeli hospitals. Using AI to augment its predictive analytics, the solution is designed to “identify respiratory deterioration” earlier than traditional methods. If successful, the TeleICU solution will likely improve COVID-19 patient outcomes by providing advance warning of patients likely to need intensive care, while also protecting caregivers who will operate remotely at a centralized location.

While the healthcare sector has slowly been integrating telehealth solutions for many years, the outbreak of COVID-19 has brought increased urgency to deploy them out of necessity. This trial by fire has put a spotlight on how telehealth and emerging technologies like AI can act as a force multiplier for healthcare services already operating at full capacity. While implementation of these technologies will be uneven and success mixed in the short term, COVID-19 appears likely to raise considerable interest in investment and development going forward. This has led to some speculation that healthcare providers will have the ability to more easily scale up capabilities in emergency situations.

 

3. Cybersecurity Experts Form a League to Protect Healthcare:

Sometimes lost among the reports of escalating infection numbers, declines in the economy, and pleas for social distancing are the wide-ranging cyber-attacks targeting the healthcare sector at its most vulnerable. Ransomware groups have hit the World Health Organization (WHO) and testing labs among numerous other entities in the healthcare space. With their resources already stretched to the breaking point, and when any IT failure could put patients at serious risk, healthcare organizations can use all the help they can get.

Luckily, a team of cybersecurity experts has formed to fight back. Calling itself the COVID-19 Cyber Threat Intelligence League, this invite-only group of cybersecurity experts, threat intelligence officers, and incident responders from around the world is looking to specifically address threats taking advantage of the COVID-19 pandemic. While their efforts are first and foremost directed at helping hospitals and other healthcare organizations hit by phishing and ransomware, they acknowledge wanting to tackle malicious actors that are exploiting COVID-19 in any way.

Marc Rogers, listed as being on the League’s management team, described to Dark Reading how their volunteer team has quickly expanded to over 500 members from 40 countries. Despite the large size, Rogers states that “The tasks here are very specific and every member has to hit the ground running,” and that all volunteers are vetted for their technical ability and skillset before being admitted as members. The League’s specific strategy is not public, but they appear to be attempting to identify the vulnerabilities and tactics used by the cybercrime campaigns launched as a result of COVID-19. Once known, the League can look to warn vulnerable entities and assist in recovery operations.

 

Congress –

Tuesday, March 31st:
– No relevant hearings

Wednesday, April 1st:
– No relevant hearings

Thursday, April 2nd:
– No relevant hearings

 

International Hearings/Meetings –

EU – No relevant hearings/meetings

 

Conferences, Webinars, and Summits –

–H-ISAC Security Workshop – Cambridge, MA (POSTPONED)

–H-ISAC Security Workshop – Atlanta, GA (POSTPONED)

–H-ISAC 2020 Spring Summit – Tampa, FL (CANCELLED)

–H-ISAC Grand Rounds Webinar Series: Info Sharing…Where do I Start? – Webinar
https://h-isac.org/hisacevents/h-isac-grand-rounds-webinar-series-1-cost-effective-threat-intel-2/
–2020 Asset Management Trends: As IT Complexity Increases, Visibility Plummets by Axonius – Webinar
https://h-isac.org/hisacevents/axonius-asset-management-trends/
–H-ISAC Monthly Member Threat Briefing – Webinar
https://h-isac.org/hisacevents/h-isac-monthly-member-threat-briefing-7/
–H-ISAC Security Workshop – Frederick, MD (6/9/2020)

–AAMI Exchange – New Orleans, LA (6/12/2020-6/15/2020)

–H-ISAC Security Workshop – Lisbon, Portugal (6/17/2020)
https://h-isac.org/hisacevents/h-isac-security-workshop-lisbon-portugal/
–H-ISAC Security Workshop – Buffalo, NY (6/23/2020)
https://h-isac.org/hisacevents/h-isac-security-workshop-buffalo-ny-2/
–H-ISAC 2020 Spring Summit – Singapore (6/23/2020-6/25/2020)

–Healthcare Cybersecurity Forum – Mid-Atlantic – Philadelphia, PA (7/17/2020)
https://endeavor.swoogo.com/2020_healthcare_innovation_cybersecurity_forums/426497
–Healthcare Cybersecurity Forum – Rocky Mountain – Denver, CO (7/20/2020)
https://endeavor.swoogo.com/2020_healthcare_innovation_cybersecurity_forums/426499
–Healthcare Cybersecurity Forum – Southeast – Nashville, TN (9/9/2020)
https://endeavor.swoogo.com/2020_healthcare_innovation_cybersecurity_forums/426517
–H-ISAC Security Workshop – Greenwood Village, CO (9/16/2020)
https://h-isac.org/hisacevents/h-isac-security-workshop-greenwood-villiage-co/
–Healthcare Cybersecurity Forum – Northeast – Boston, MA (9/22/2020)
https://endeavor.swoogo.com/2020_healthcare_innovation_cybersecurity_forums/427126
–Summit on Security & Third Party Risk – National Harbor, MD (9/28/2020-9/30/2020)

–Healthcare Cybersecurity Forum – Texas – Houston, TX (10/8/2020)
https://endeavor.swoogo.com/2020_healthcare_innovation_cybersecurity_forums/428840
–CYSEC 2020 – Dubrovnik, Croatia (10/27/2020 – 10/28/2020)

–H-ISAC Security Workshop – Mounds View, MN (10/27/2020)
https://h-isac.org/hisacevents/h-isac-security-workshop-buffalo-ny/
–Healthcare Cybersecurity Forum – Pacific Northwest – Seattle, WA (10/28/2020)
https://endeavor.swoogo.com/2020_healthcare_innovation_cybersecurity_forums/428886
–Healthcare Cybersecurity Forum – California – Los Angeles, CA (11/12/2020)

Sundries –

–Google sent users 40,000 warnings of nation-state hack attacks in 2019
https://arstechnica.com/information-technology/2020/03/google-sent-users-40000-warnings-of-nation-state-hack-attacks-in-2019/

–Ryuk Ransomware Keeps Targeting Hospitals During the Pandemic
https://www.bleepingcomputer.com/news/security/ryuk-ransomware-keeps-targeting-hospitals-during-the-pandemic/

–Hackers are messing with routers’ DNS settings as telework surges around the world
https://www.cyberscoop.com/dns-hijacking-covid-19-oski-bitdefender-telework/

Contact us: follow @HealthISAC, and email at contact@h-isac.org
