Health-ISAC Hacking Healthcare 10-9-2024

This week, Health-ISAC’s^® Hacking Healthcare^® provides an overview of the most recent meeting of the Counter Ransomware Initiative (CRI). This international effort to combat one of the most disruptive cyber threats just held its fourth annual summit and we have a breakdown of what has been accomplished and how it might affect the healthcare sector. 

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog (available in the Member Portal.)

PDF Version: TLP WHITE Hacking Healthcare 10.9.2024
Size : 166.4 kB Format : PDF

Text Version:

Welcome back to Hacking Healthcare^®.

4th International Counter Ransomware Initiative Summit

This week saw the fourth meeting of what is now known as the Counter Ransomware Initiative (CRI).^[i] This government-led international effort to fight back against ransomware has grown in size and scope over the past few years, and we felt it was a good time to check in on what the group has accomplished and where it plans to focus efforts in the coming year, and to try to assess the practical effects of its work so far. 

What Is the CRI?

In 2021, the Biden administration led the convening of ministers and representatives from over 30 countries and the European Union to “discuss the escalating global security threat from ransomware.”^[ii] The group acknowledged the threat ransomware poses to healthcare and other critical infrastructure sectors, and cited the need for a global response to tackle the issue. These initial representatives concluded the summit with an action plan along several lines of effort that included building resilience, countering illicit finance, disruption and law enforcement efforts, and international diplomacy. Since that first meeting in 2021, this international group has met annually to reassess its progress, broaden the international membership, and identify new projects to undertake. 

Where Do Things Stand in 2024?

We won’t be recapping all the incremental accomplishments of the CRI over the last few years in this iteration of Hacking Healthcare. Instead, we are going to focus on a broad overview of where the CRI stands now and some of the specific accomplishments announced at this week’s summit.

• Growing Reach: As highlighted in that first summit, tackling ransomware requires a truly global approach. By its nature, the internationally dispersed cyber criminal ecosystem makes any one government’s attempts to combat the issue an uphill battle. That’s why it is great to note that the initial representation of 33 entities in 2021 has grown to 68, including 18 new representatives this year. 

  The CRI boasts a diverse membership across all continents.^[iii] It may not be surprising to see major regional players like the United States, Australia, France, Singapore, or Brazil, but it is a welcome development that countries like Sri Lanka, Sierra Leone, Vanuatu, the Dominican Republic, and Bahrain are represented as well. In addition, the CRI also includes representation from groups like the Organization of American States (OAS), Interpol, Global Forum for Cyber Expertise, and the Economic Community of West African States.

• CRI Ransomware Incident Guidance: This year saw the publication of official guidance for organizations responding to their own ransomware incidents or supporting a partner organization.^[iv] Created by CRI members in collaboration with “insurance bodies,”^[v] the guidance is non-binding and provides something of a high-level checklist of various considerations that ransomware victims should work through as they determine how to respond.  

• CRI Fund: A new fund supported by contributions from member states and private-sector organizations will be used to “strengthen” members’ cybersecurity capabilities through both rapid assistance in the wake of a cyber attack as well as targeted support to improve cybersecurity skills, policies, and response procedures.”^[vi]

• Private-Sector Engagement Group: Canada was acknowledged for developing a private-sector engagement group meant to “advise and support CRI members in combating ransomware. The advisory panel will catalyze effective information sharing, build trust through clear expectations and person to person collaboration, and develop best practices to navigate practical hurdles.”^[vii]

There were numerous other updates provided in the official joint summary of the event and we would encourage interested parties to read through the rest. 

What’s Next?

The CRI committed to following through on existing work streams going forward, and there appears to be an expectation that a fifth summit will occur next year. For those interested in learning more or following the CRI’s latest developments, we direct you to the CRI’s website: “https://counter-ransomware.org/” 

The website currently updates with government alerts and advisories related to ransomware and new updates on CRI-related workstreams. 

Action & Analysis 
**Included with Health-ISAC Membership**