Health-ISAC Hacking Healthcare 3-1-2022

TLP White: This week, Hacking Healthcare takes a longer look at the escalation of the conflict in Ukraine. We examine what sanctions and other public and private sector actions are being applied and to whom they are being directed. Then, we identify how these actions could directly or indirectly impact healthcare organizations operating in Ukraine, Russia, and Belarus, and pose some questions that healthcare organizations may wish to consider.

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog (available in the Member Portal).

 

Welcome back to Hacking Healthcare.


Sanctions and Executive Orders Highlight the Political Threat to Healthcare Global Operations

The situation in Ukraine continues to deteriorate in the wake of Russian President Putin’s decision to recognize two breakaway regions in eastern Ukraine as independent states, and the subsequent invasion of Ukraine from Russian and Belarusian territory. Following Russia’s decisions, countries around the world began to initiate a series of diplomatic and economic countermoves designed to punish Russia and incentivize a cessation of hostilities. These moves may have severe direct or indirect consequences for organizations operating in Russia, Belarus, or Ukraine.

United States’ Executive Order

Even before Russia’s invasion, the Biden administration released an executive order (EO) on “Blocking Property of Certain Persons and Prohibiting Certain Transactions With Respect to Continued Russian Efforts to Undermine the Sovereignty and Territorial Integrity of Ukraine,” issued on the same day that Russia recognized the independence of the territories in question.

The EO, meant to impose costs on the Russian Federation, prohibits:[1]

  • New investment in the so-called DNR or LNR regions of Ukraine by a United States person, wherever located;
  • The importation into the United States, directly or indirectly, of any goods, services, or technology from the so-called DNR or LNR regions of Ukraine;
  • The exportation, reexportation, sale, or supply, directly or indirectly, from the United States, or by a United States person, wherever located, of any goods, services, or technology to the so-called DNR or LNR regions of Ukraine;
  • And any approval, financing, facilitation, or guarantee by a United States person, wherever located, of a transaction by a foreign person where the transaction by that foreign person would be covered by these prohibitions if performed by a United States person or within the United States.

In addition, the EO provides authority to impose sanctions on persons who are determined:[2]

  • To operate or have operated since the date of the order in the so-called DNR or LNR regions of Ukraine;
  • To be or have been since the date of the order a leader, official, senior executive officer, or member of the board of directors of an entity operating in the so-called DNR or LNR regions of Ukraine;
  • To be owned or controlled by, or to have acted or purported to act for or on behalf of, directly or indirectly, any person whose property and interests in property are blocked pursuant to this order;
  • Or to have materially assisted, sponsored, or provided financial, material, or technological support for, or goods or services to or in support of, any person whose property and interests in property are blocked pursuant to this order.

The EO states that some exceptions are made through six general licenses issued by the Treasury Department, including some related to medicine and medical devices.[3]

International Sanctions & Other Measures

While the United States’ EO was among the first notable international responses to the developing conflict in Ukraine, it was quickly joined by an ever-growing list of sanctions and other measures from countries across the world. Many of these sanctions targeted individuals within Russia’s government or political elite, major financial institutions, the technology sector, and the Russian military.[4] Sanctions from a host of countries have become increasingly comprehensive over the past few days, expanding the list of entities and individuals subject to them and the sectors they apply to.

Some of the more notable actions include:

  • The banishment of certain Russian banks from the Society for Worldwide Interbank Financial Telecommunication (SWIFT)
  • The halt of the Nord Stream 2 gas pipeline
  • The closure of airspace to Russian airlines
  • The freezing of assets of certain Russian political elites and organizations
  • The implementation of export controls on goods in a wide range of sectors, but particularly electronics and telecommunications

The Private Sector

Economic sanctions levied by governments have been joined by other measures from the private sector. Some of these moves may inadvertently harm healthcare organizations, either directly or through their supply chain. A number of these actions were taken voluntarily and have not been mandated by any government, while others may be temporary as organizations attempt to assess the applicability of the enormous number of sanctions being applied to Russia. Some of the more notable instances include:

  • Major shipping entities Maersk and Ocean Network Express (ONE) have declared they will cease taking new non-essential orders to and from Russia, at least temporarily[5] [6]
  • UPS and FedEx have suspended shipments to Ukraine and Russia[7]
  • Google and Meta have barred Russian state-owned media from receiving ad revenue and have allegedly stepped up removal of Russian disinformation on their platforms[8]

Actions & Analysis
**Membership required**

 

Congress

Tuesday, March 1st:

– No relevant hearings

 

Wednesday, March 2nd:

– No relevant hearings

 

Thursday, March 3rd:

– No relevant hearings

 

 

International Hearings/Meetings

– No relevant meetings

EU –

 

 

Conferences, Webinars, and Summits

 

 

https://h-isac.org/events/

 

Contact us: follow @HealthISAC, and email at contact@h-isac.org

 

About the Author

Hacking Healthcare is written by John Banghart, who served as a primary advisor on cybersecurity incidents and preparedness and led the National Security Council’s efforts to address significant cybersecurity incidents, including those at OPM and the White House. John is currently the Senior Director of Cybersecurity Services at Venable. His background includes serving as the National Security Council’s Director for Federal Cybersecurity, as Senior Cybersecurity Advisor for the Centers for Medicare and Medicaid Services, and as a cybersecurity researcher and policy expert at the National Institute of Standards and Technology (NIST), and in the Office of the Undersecretary of Commerce for Standards and Technology.

John can be reached at jbanghart@h-isac.org and jfbanghart@venable.com.

 

[1] https://www.whitehouse.gov/briefing-room/statements-releases/2022/02/21/fact-sheet-executive-order-to-impose-costs-for-president-putins-action-to-recognize-so-called-donetsk-and-luhansk-peoples-republics/

[2] https://www.whitehouse.gov/briefing-room/statements-releases/2022/02/21/fact-sheet-executive-order-to-impose-costs-for-president-putins-action-to-recognize-so-called-donetsk-and-luhansk-peoples-republics/

[3] https://home.treasury.gov/system/files/126/ukraine_gl18.pdf

[4] https://www.whitehouse.gov/briefing-room/statements-releases/2022/02/24/fact-sheet-joined-by-allies-and-partners-the-united-states-imposes-devastating-costs-on-russia/

[5] https://www.reuters.com/business/maersk-considers-suspending-all-shipments-russia-2022-02-28/

[6] https://twitter.com/AFP/status/1498589237742030850

[7] https://www.reuters.com/business/autos-transportation/ups-fedex-halting-shipments-russia-ukraine-2022-02-27/

[8] https://www.reuters.com/technology/youtube-blocks-rt-other-russian-channels-generating-revenue-2022-02-26/
