Cybercriminals hoping to take advantage of the chaos brought on by COVID-19 are ramping up their games against the healthcare industry — where the pace of cybersecurity remediation is markedly slower than others, yet lives are on the line.
"In healthcare, if it's a vulnerability with a medical device, for example, we need to reach out to the medical device community and make sure that they are aware we are working on it," says Errol Weiss, chief security officer at Health-ISAC (Health Information Sharing and Analysis Center). "And we need to do that while also making sure we aren't giving bad guys a leg up. We might have hospitals where something needs to be patched but can't be immediately because it's for something critical to patient safety. It adds an interesting dimension."
To be sure, getting the word out about threats, vulnerabilities, and attacks is more important than ever: While some ransomware groups said in March they would not target health and medical organizations during the pandemic, the promise did not last long. Phishing attempts by criminals masking as healthcare organizations are now rampant.
"The focus over the past six to eight weeks has been making sure members are up to date on vulnerability alerts," says Weiss. "There are also organizations who may running vulnerable VPNs and aren't aware of it. The other big one out there is unsecured RDP [remote desktop protocol] connections. We're collecting information from volunteers who are doing scanning and sharing that information with the organizations."
H-ISAC is just one of many organizations that are looking to cybersecurity volunteers who are helping out during this time of need. Thousands have banded together to form volunteer organizations that collect information needed to mitigate risks and offer to perform work gratis to help struggling healthcare companies and workers on the front lines.
Pro-Bono Work Rules the Day
As Weiss mentions, a lot of the information is gleaned thanks to information from volunteer security folks who have stepped forward to help during the health crisis.
"Healthcare workers need help that doesn't require their participation – they can't afford any of their precious time," said Tim Wainwright, managing director at Security Risk Advisor. "Infosec pros can help by testing their remote access infrastructure and COVID email scam filtering, pro bono. Pro bono ethical hackers can test new remote access infrastructure that many hospitals had to spin up quickly. All a volunteer hacker needs to get started are the network addresses."
An outside expert helping brings along an additional benefit, he says. "If there is a critical vulnerability, the hospital may be more likely to take it seriously if it's reported by an independent ethical hacker," Wainwright says.
Among the infosecurity professionals stepping forward to help the healthcare industry:
Cyber Volunteers 19
Cyber Volunteers 19, based in the UK, is a group specifically aimed at protecting healthcare systems and workers. These volunteers are working around the clock to fend off thousands of cyberattacks and sharing threat intelligence data. As news of pandemic-related attacks emerged in March and healthcare facilities found themselves under intense pressure, these security pros teamed to help add resources and intelligence to increase resilience.
"Some of the members are directly involved in finding vulnerabilities and securing them. Some are assisting with cyber awareness to help educate healthcare workers," says Joseph Carson, chief security scientist and Advisory CISO at Thycotic, who also volunteers at Cyber Volunteers. "Others are helping create content or analyze data. Some are sharing threat intelligence so proactive security changes can be made before they are taken advantage of."
To get involved with Cyber Volunteers 19, send a request to join its LinkedIn group.
Cyber Threat Intelligence League
The Cyber Threat Intelligence League (CTI League), in North America, was founded by security veterans Marc Rogers, Nate Warfield, Chris Mills, and Ohad Zaidenberg. The invitation-only group formed in March and already has thousands of members from multiple countries and sectors.
The organization's website says it offers a number of volunteer services, including helping to take down malicious websites or files from the Internet, law enforcement escalations, building a database of indicators of compromise, and even helping with the entire lifecycle of a security incident investigation.
To contact the CTI League or apply to join, head here.
COVID-19 Cyber Threat Coalition
The COVID-19 Cyber Threat Coalition is another volunteer group with thousands of security pros sharing threat intelligence and focused on stopping malicious these actors.
The group's website claims the aim to "break down traditional barriers to intelligence sharing" and that by working together they will "make patterns, outliers and trends in threats visible that would otherwise have been missed." The group is collaborating through Slack and has a threat blog with regularly updated resources on defending against COVID-19 related attacks.
Get started with the Cyber Threat Coalition by joining their Slack workspace.
'They Need the Help'
For H-ISAC, Weiss says the information it is getting from volunteer groups has been incredibly valuable.
"The focus on ransomware has been good to help out those organizations because, frankly, they need the help," he says. "The volunteers are great to help corral those resources and identify problems out there and then even make the Herculean effort to get information out there. … The work these volunteers are doing is critical."
(Image Source: sewcream via Adobe Stock)
A listing of free products and services compiled for Dark Reading by Omdia analysts to help meet the challenges of COVID-19.