North Korea is using ransomware attacks on the healthcare sector as a way to enhance their cyber operations against the U.S. and South Korean governments, said joint alert from the US and South Korea.
This CSA provided an overview of the continued attacks by on the healthcare sector by the North Korean state-sponsored threat actors. The authorities also warned the Healthcare and Public sector against the Maui and H0lyGh0st ransomware used in DPRK ransomware campaigns and how the threat actors were using the ransom to further espionage.
The advisory highlighted that the healthcare, and public health sector must be safeguarded with a sector-specific plan since all sectors of the economy rely on and work together with other sectors.
The National Infrastructure Protection Plan (NIPP) outlines the steps to secure national infrastructure along with increased resilience and reduced vulnerabilities.
State-sponsored cyberattacks on the healthcare and public health sector
The United States National Security Agency (NSA), the US Federal Bureau of Investigation (FBI), the US Cybersecurity and Infrastructure Security Agency (CISA), the U.S. Department of Health and Human Services (HHS), the Republic of Korea (ROK) National Intelligence Service (NIS), and the ROK Defense Security Agency (DSA) referred to as the ‘authoring agencies’ are urging the healthcare sector to stand against increased cyberattacks through the “stop ransomware movement”.
The healthcare and Public healthcare sector have been warned against the Democratic People’s Republic of Korea (DPRK) state-sponsored ransomware and the use of the Maui ransomware that has been used to target healthcare.
Maui ransomware is an encryption binary of which the sample SHA256: 5b7ecf7e9d0715f1122baf4ce745c5fcd769dee48150616753fec4d6da16e99e was examined. It was found that it requires manual execution and encrypts with AES 128-bit encryption.
Similarly, Killnet has also been targeting the healthcare and public health sector and even left a threat for US congress to release personal data. A 23-year-old Killnet member was arrested in May 2022 for cyberattacks on the Romanian government websites.
The NIPP 2013 to secure the healthcare and public health sector
The NIPP, which was released in 2006 and later revised in 2009, claims to meet the Presidential Policy Directive (PPD) 21: Critical Infrastructure Security and Resilience, 2013. The PPD called for greater cybersecurity with the collaborative effort of the Federal government and the critical infrastructure operators teamed by the SLTT entities.
The PPD-21 introduced the joining of the federal agency called Sector Risk Management Agency (SRMA) to work for the security of the 16 critical national infrastructures. It includes defense, emergency, communication, food, healthcare, transportation, and water among others.
Several other steps and tools have been made available for the larger critical infrastructure community such as courses created by the Federal Emergency Management Agency (FEMA) Emergency Management Institute.
The blueprint also maintains the best practices and guidelines on what to do before and after an attack including collecting audit logs and maintaining storage that complies with the management audit logs management process, as a response to a ransomware attack.
Here are some steps noted in the ‘Know Your Environment’ category in CISA’s blueprint on handling ransomware attacks:
- Keeping a clear enterprise asset inventory’
- Maintaining a software inventory with title, publisher, initial install data, etc.
- Making sure that the authorized software is always supported
- Keeping ready a data management process collecting sensitive data including the owner of the information, data retention limit, reviewing of the data annually, etc.
The US government, law enforcement agencies, and the guardians of security are making every effort to secure the healthcare and the public health sector with refined policies, and collaborative efforts from various agencies.
The American Hospital Association (AHA) has been pondering over the use and potential misuse of artificial intelligence in healthcare and the Public Healthcare Sector.
It detailed how AI may not provide the best transparency or accountability of outcomes leading to data dubious security standards, within the resources available. The AHA has also put forth three proactive steps that healthcare can take to secure their IT systems.
To have a broader strategy for reimagining health care, the following three key steps were highlighted in the AHA transformation talks:
- Assessing applications and codes provided by third-party including HER vendors and medical device manufacturers.
- Having a control network to monitor networks for suspicious traffic to the health care critical infrastructure.
- Conducting regular tests to find gaps in security controls, vulnerability scanning, and pentesting, to have the speediest remediation against cyber incidents and threats.
