Biden Urges Orgs to Harden Cyber Defenses, Prepare For Russian Cyberattacks

March 22, 2022 - President Biden called on private sector organizations to immediately harden their cyber defenses and prepare for potential Russian cyberattacks in a recent statement. The American Hospital Association (AHA) echoed the call to action for healthcare, encouraging healthcare organizations to take the President’s advice and ensure cyber resiliency.

“This is a critical moment to accelerate our work to improve domestic cybersecurity and bolster our national resilience,” President Biden said in the March 21 statement.

“I have previously warned about the potential that Russia could conduct malicious cyber activity against the United States, including as a response to the unprecedented economic costs we’ve imposed on Russia alongside our allies and partners. It’s part of Russia’s playbook. Today, my Administration is reiterating those warnings based on evolving intelligence that the Russian Government is exploring options for potential cyberattacks.”

In an accompanying fact sheet, the Administration urged organizations to mandate multi-factor authentication, protect against known vulnerabilities, back up data, and drill emergency plans to prepare for cyberattacks.

The fact sheet also emphasized the need to bolster the nation’s cybersecurity in the long term. The Biden Administration made its security priorities clear when it issued an executive order in May aimed at improving national cybersecurity.

In the recent fact sheet, the White House also called on technology companies to build security into their products, develop software on highly secure systems, and use modern tools to check for vulnerabilities.

The White House also encouraged the private sector to use the Cybersecurity and Infrastructure Security Agency’s (CISA) Shield’s Up campaign resources to guide cybersecurity efforts amid rising geopolitical tensions.

The AHA urged healthcare organizations to plan accordingly. The association also noted past instances of Russian state-sponsored cyberattacks that disrupted the US healthcare sector. For example, in 2017, the Russian military intelligence service deployed NotPetya malware against Ukraine, the effects of which rippled through the US healthcare sector.

The AHA provided the following list of action items for healthcare organizations:

• Share this Cybersecurity Advisory with your organization’s IT and cyber infrastructure teams.
• Hospitals and health systems should visit AHA.org to review alerts and bulletins for guidance on risk mitigation procedures, including increased network monitoring for unusual network traffic or activity, especially around active directory. Additionally, it is important to heighten staffs’ awareness of increased risk of receiving malware-laden phishing emails.
• Geo-fencing for all inbound and outbound traffic originating from, and related to, Russia, Ukraine and its surrounding region may help mitigate direct cyber risks presented by this threat; however, it will have limited impact in reducing indirect risk, in which malware transits through other nations, proxies and third parties.
• AHA also recommends that organizations identify all internal and third-party mission-critical clinical and operational services and technology; in doing so they should put into place four-to-six week business continuity plans and well-practiced downtime procedures in the event those services or technologies are disrupted by a cyberattack,
• It is essential at this time to check the redundancy, resiliency and security of your organization’s network and data backups, and ensure that multiple copies exist: off-line, network segmented, on premises and in the cloud, with at least one immutable copy.
• Ensure that emergency electric generating redundancy, resiliency and generator fuel reserves are in place and have been recently tested.
• It is also critical that a cross-function, leadership-level cyber incident response plan be fully documented, updated and practiced. This should include emergency communications plans and systems.

In recent weeks, CISA and the FBI released multiple warnings about malware variants used to target Ukraine that could impact US critical infrastructure. Threat actors deployed HermeticWiper malware against systems in Latvia, Lithuania, and Ukraine hours before Russia’s invasion of Ukraine.

WhisperGate and HermeticWiper remain top cyber threats, especially since they were designed to render targeted systems completely inoperable.

CISA also recently warned organizations about Russian state-sponsored actors who exploited multi-factor authentication protocols and leveraged PrintNightmare, a known vulnerability, to gain network access.

As tensions continue to rise, US healthcare organizations could be targeted directly or become collateral damage in cyberattacks, AHA previously warned.

“If you have not already done so, I urge our private sector partners to harden your cyber defenses immediately by implementing the best practices we have developed together over the last year,” President Biden stated.

“You have the power, the capacity, and the responsibility to strengthen the cybersecurity and resilience of the critical services and technologies on which Americans rely. We need everyone to do their part to meet one of the defining threats of our time—your vigilance and urgency today can prevent or mitigate attacks tomorrow.”