How H-ISAC Is Tracking Russia-Ukraine CyberthreatsH-ISAC President Denise Anderson on the Importance of Sharing Cyber Information
The Health Information Sharing and Analysis Center is closely assessing the Russia-Ukraine war to assist its members, as well as other healthcare sector entities, to prepare for the potential known and yet-unknown cybersecurity threats that could affect them, says H-ISAC President Denise Anderson.
"Obviously, there is concern, and we're monitoring the threat landscape as close as possible," she says. "Right now, we've not seen anything target as U.S. healthcare, but obviously there's concern over spillovers like the Petya/NotPetya situation. So we are encouraging our members to be vigilant," she says in an interview with Information Security Media Group.
In fact, on Tuesday, H-ISAC, along with the Department of Health and Human Services' Health Sector Cybersecurity Coordination Center, or HC3, issued a joint bulletin to raise awareness of the Russia-Ukraine conflict and credible threats to U.S critical infrastructure sectors, including the healthcare sector, and potential mitigations for Russian cyberattacks.
The bulletin came on the heels of a Monday warning from the Biden administration saying that evolving intelligence shows that Russia may be exploring options for potential cyberattacks.
Anderson stresses that healthcare sector entities should ensure their applicable software and systems are patched to the latest versions. "Be in touch … with the situational awareness and know if there are any threats or campaigns out there. Be diligent in making sure [organizations] can be resilient in their operations."
There are additional security considerations involving the Russia-Ukraine conflict concerning U.S. healthcare sector entities that have operations in surrounding European countries. "They need to have plans ready to be put in place to react very quickly if there is spillover," she says.
"That includes issues such as having evacuation plans - including one-hour and 24-hour evacuation plans. What do you do with your documents and your data? What do you do with your employees - how can you track them? Even basic payroll issues … have been a challenge in regions," Anderson says.
Aside from the current Russia-Ukraine conflict, H-ISAC is intently focused on helping to share critical cybersecurity threat intelligence and related information to its members, and even nonmembers, Anderson says.
For instance, in 2021, H-ISAC issued 419 targeted security threat alerts that affected specific companies - and not all that were members of H-ISAC, she says. "About 49 of these were nonmembers that we were able to alert and help them mediate against. We also published over 242 intelligence reports and shared 65,812 indicators of compromise through our automated sharing channel."
H-ISAC also works with vendors and threat researchers to prepare vulnerability alerts "before it becomes public knowledge, so that members can take advantage of that situation and prepare to mitigate against any potential threats that might arise."
In the interview (see audio link below photo), Anderson also discusses:
- Highlights from H-ISAC's recently released inaugural annual report, "Connecting for Patient Safety and Healthcare Ecosystem Resilience";
- H-ISAC's work around medical device cybersecurity;
- The collaboration between H-ISACs and other critical infrastructure industry ISACs.
Anderson is president of H-ISAC, one of more than a dozen ISACs whose mission is protecting the nation's critical infrastructure from attacks through dissemination of trusted and timely information. She also serves as the chair of the National Council of ISACs and is a health sector representative to the National Cybersecurity and Communications Integration Center.