The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency recently alerted all sectors that Chinese hackers have been actively exploiting relationships between IT service providers and their customers.
The alert followed the Department of Justice indictment of two Chinese hackers, accused of a global hacking campaign to steal data and technology secrets. Zhu Hua and Zhang Shilong are part of the APT-10 cybercriminal group, known to launch malware attacks to gain access to networks and exfiltrate data.
APT-10 was behind the breaches of 45 U.S. companies, including those in the healthcare and biotech industries, officials said. The hackers have been charged with conspiracy to commit computer intrusions, wire fraud, and aggravated identity theft.
The hacking campaign to steal from foreign governments and remote-access client-management companies began in 2014. The hackers are accused of working in conjunction with the Chinese government.
According to the DHS alert, the hackers are hyper-focused on managed service and cloud service provider attacks. While the notice outlines ways to reduce exposure to these types of supply-chain attacks, officials warned “there is no single solution that will fully alleviate all aspects of the threat actor activity.”
As the healthcare sector relies heavily on a wide range of outsourced services within the sectors being targeted by the Chinese hackers, it's crucial that those organizations assess whether their vendors are prepared for these types of attacks.
Officials recommended that IT service providers' customers ensure their vendors have conducted a review to determine whether there is a security concern or compromise. Further, they should ensure the vendor has installed the appropriate tools for this specific type of attack.
In addition, those customers should review and verify the connections between their systems, service provider systems, and other client enclaves. They also need to verify that the service provider accounts within their environment are being used for their intended purpose and are disabled when not in use.
Officials also recommended those organizations evaluate their contracts with all service providers, ensuring their security controls are on par with the organization’s. Further, they should assess whether the vendor appropriately monitors and logs client systems, activities and connections on their network, and notifies them of confirmed or suspected security events or incidents on the network.
Vendor management has been problematic for the healthcare sector in recent years, but is crucial to ensuring a health organization is properly secured. The alert should serve as a reminder to address those relationships to reduce risk across the network.
CynergisTek Executive Vice President of Strategic Innovation David Finn recently told HealthITSecurity.com that supply-chain attacks will increase in 2019, especially as the industry moves into highly integrated data sharing.
“There’s so much happening in healthcare and in IT that you can’t even look at just the technology or information,” said Finn. “Hackers go after those data streams because it’s flowing and easy to get to.”