Understaffed, under-equipped, and under-funded for security tools and services, the healthcare industry is being targeted by cyber criminals and pariah nation states for the value of its assets. These include its extensive PHI, PII, and valuable clinical trial data and research IP.
The Russian Federation and the People's Republic of China have both been caught red-handed this year attempting to steal clinical trial and research data surrounding COVID vaccines. And that says nothing of the wholesale theft of other IP from university and pharmaceutical labs, along with other research facilities, going back a decade or more in China's case.
In fact, the Chinese Communist Party (CCP) has dedicated tens of thousands of PLA officers in its various cyber divisions to the theft of western IP and commercial trade secrets, as previously reported by FireEye-Mandiant and many others, including this blog. These actions appear to be not only purposefully targeted but part of a centrally directed campaign by Chinese leaders to ensure the success of the CCP's 'Made in China 2025' program, when it plans to be totally self-sufficient from the need for western goods and services.
It is, however, the rise in extortion attacks that is most worrying. A recent uptick in the level of background chatter in cyber criminal hacker forums was cause for the FBI, HHS and CISA to issue a threat briefing that healthcare was being actively targeted by Russian Trickbot-Ryuk ransomware gangs, and that healthcare IT and security staff should be on alert. This, however, was not before a massive ransomware attack had decimated one more US-based international health system.
After decades of under-funding and de-prioritization, how can hospitals and other healthcare providers possibly build up their cybersecurity defenses to the level needed to protect against a rising wave of attacks and keep patients safe? This was the subject of the first ever Healthcare Managed Security Services Forum, which recently attracted over 150 attendees and more than 30 speakers and panelists drawn from the crème de la crème of healthcare. The full-day virtual conference heard from CEOs, CIOs, CISOs, CMIOs, Professors and Doctors of Medicine, and more than a few experts in the field of clinical engineering and biomedical / HIoT security.
I was privileged to be asked to compère the all-day event. Listen to the kick-off below: