TLP White: In this edition of Hacking Healthcare, we brief you on yet another wide-ranging ransomware attack that was exacerbated by environmental factors. Additionally, we examine a new Russian law that would require Russian software to be pre-installed on products. Finally, we explain what to expect from the Cyberspace Solarium Commission, a congressionally-mandated task force charged with reviewing U.S. cyber strategy and recommending policy changes.
As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog (available in the Member Portal.)
Welcome back to Hacking Healthcare.
1. New Russian Law Requires Pre-installed Russian Software.
In continuation of Russia’s ongoing effort to comprehensively control the Internet and connected devices within its borders, the country’s lower house of Parliament passed a law last week that would ban the sale of devices that did not come with pre-installed Russian software. While a complete list of affected devices is not yet available and will ultimately be determined by the government, the BBC has reported that the legislation covers smartphones, computers, and smart televisions. As it stands, the law would come into effect in July of 2020.
While supporters of the bill stress that its purpose is to support Russian companies and Russian alternatives to Western products, there has been criticism and pushback from a variety of parties. Industry has lamented the potential that some international companies may leave the Russian market due to an inability or unwillingness to comply with the new law. Meanwhile, privacy advocates and Russian citizens who oppose the current government have stressed the likelihood that this new requirement could introduce a pathway for greater government surveillance.
2. Ransomware Hits Veterinary Hospitals.
Towards the end of October, the California-based National Veterinary Associates (NVA) was hit with Ryuk ransomware. The attack ultimately affected around 400 of the roughly 700 veterinary hospitals and animal boarding facilities that belong to NVA and impacted service at some locations. NVA has not confirmed if they paid any ransom to aid their attempts to restore service.
While NVA denies that service was significantly impacted, an anonymous source relayed to Brian Krebs that “Active Directory and Exchange servers were infected. Many of the infected locations immediately lost access to their Patient Information Management systems (PIMs). These locations were immediately unable to provide care.” NVA’s response to this unfortunate event is a pledge to invest in “cybersecurity talent, new infrastructure, and better software.”
3. The Cyberspace Solarium Commission.
There is growing recognition that the dominant position the United States has historically held in cyberspace, as result of its vast resources and first-mover status, is diminishing. Russia and China have made tremendous strides in achieving something approaching parity in capabilities, and states such as Iran and North Korea routinely demonstrate how their talent is steadily growing in sophistication. Additionally, the impact cybercriminals have had on United States entities continues to cause concern among both the public and private sector. This gradual change to the status quo has forced the United States to confront the fact that the technology that is deeply embedded in every aspect of its citizens lives also creates serious vulnerabilities.
This has led to the creation of the Cyberspace Solarium Commission. Established as part of the 2019 National Defense Authorization Act, the Commission’s goal is to review U.S. cyber strategy and recommend policy changes that will better prepare the country to deal with cyber threats. The Commission was formally assembled in May of this year and is made up of 16 individuals from both the public and private sector. Included are the Principal Deputy Director of National Intelligence, the Deputy Secretary of Homeland Security, the Deputy Secretary of Defense, the Director of the FBI, members of both parties from the House and Senate, and outside experts.
Congress –
Tuesday, November 26th:
– No relevant hearings
Wednesday, November 27th:
– No relevant hearings
Thursday, November 28th:
– No relevant hearings
International Hearings/Meetings –
EU – No relevant hearings
Conferences, Webinars, and Summits –
–H-ISAC Monthly Member Threat Briefing – Webinar (11/26/2019)
–2019 H-ISAC Fall Summit – San Diego, CA (12/2/19-12/6/2019)
–H-ISAC Security Workshop – London, UK (2/5/2020)
–Global Cyber Security in Healthcare & Pharma Summit – London, UK (2/6/2020)
–H-ISAC Analysts Security Workshop – Titusville, FL (3/4/2020)
–H-ISAC Security Workshop – Cambridge, MA (4/7/2020)
–H-ISAC Security Workshop – Atlanta, GA (4/14/2020)
–H-ISAC Security Workshop – Frederick, MD (6/9/2020)
Sundries –
–1.2 Billion Records Found Exposed Online in a Single Server
https://www.wired.com/story/billion-records-exposed-online/
–The U.N. passed a resolution that gives Russia greater influence over internet norms
–Rouen hospital turns to pen and paper after cyber-attack
https://www.bbc.co.uk/news/technology-50503841
–Huawei gets a win on U.S. export waivers
https://www.axios.com/huawei-trade-with-united-states-0d9ce941-6c37-41d4-85cc-fd8bf5134da8.html
Contact us: follow @HealthISAC, and email at contact@h-isac.org