Contact The Editor
Articles By This Author
The group, which calls itself the Cyber Alliance to Defend our Healthcare, struck deals with 87 hospitals and four national health-care services in Europe over the past month. Organizers hope to make similar arrangements with numerous U.S. hospitals this month, they told me.
The effort could be a lifeline as criminals take advantage of coronavirus to lock hospital employees out of their computer systems in exchange for ransoms. They're especially dire - and lucrative - during the pandemic since hospitals can't afford to be booted out of their systems for any length of time.
"This becomes a matter of life and death because hospitals have their IT systems locked down, sometimes medical devices, too, and can't function," André Pienaar, founder of C5 Capital, a cybersecurity-focused investment firm that launched the alliance, told The Washington Post.
The alliance also plans to offer cybersecurity help to labs working on coronavirus treatments and vaccines.
That's partly to prevent their work being slowed by disruptive attacks and to ensure the work isn't stolen by hackers in adversary nations that want to manufacture copycat treatments or to get a leg up on innovation.
"Protecting that intellectual property is crucial because that's the future of our health-care community," retired Gen. Keith Alexander, former U.S. Cyber Command chief, told The Washington Post.
Alexander's company, IronNet Cybersecurity, is one of about 20 companies that are offering free protections through the health-care alliance so far. Pienaar hopes to significantly raise that number as more U.S. hospitals sign up for help, he said.
The alliance is yet another example of volunteers stepping in to help a vital industry in which cybersecurity protections haven't kept pace with a boom in threats. It may get help from another volunteer cybersecurity protection group, called the Cyber Threat Intelligence League, which has focused mostly on taking down the digital infrastructure hackers are using to target health-care systems during the pandemic and identifying common security bugs that hospitals should patch.
And cybersecurity pros in the United States launched an initiative called Defending Digital Campaigns last year to offer free and reduced-price help to political campaigns that are being targeted by Russia and other U.S. adversaries.
Hospitals are far more sophisticated when it comes to protecting themselves online than bootstrap political campaigns, said Ron Gula, a cybersecurity investor who helped fund the election effort and is helping recruit companies to join the health-care alliance.
Still, hospitals are still ill-prepared for the volley of attacks they're facing now. "They just got hit with a huge [coronavirus] crisis and they're down manpower. So, there's a. . . lack of focus on these critical [cybersecurity] issues," Gula said.
There's no hard data about how much hacking against hospitals has increased during the pandemic, but the FBI and Interpol have both described significant spikes. And cybersecurity pros warn the threat is likely to continue as long as the pandemic lasts.
The alliance also plans to work directly with hospitals, advising their IT staffs on better ways to protect themselves. And the group plans to publish lists of big-picture cybersecurity recommendations for hospitals to follow.
A lot of that work will be done on a volunteer basis by security pros at member companies, Pienaar said.
"Many [chief cybersecurity officials] in health-care institutions have not seen this scale of cyberattacks. Many of them are overworked and overstretched. So, the alliance is going to be giving a lot of advice on a daily and weekly basis," Pienaar said.
They're also hoping their work to improve hospitals' cybersecurity protections now will make them better prepared for future threats. The health-care sector has broadly improved its digital protections in recent years and grown better at sharing information about threats so that it's easier to defend against them. But it has lagged other sectors, such as financial services, that have far more mature systems for jointly combating hacking.
"There is no air traffic control picture for health care," Alexander said. "The software that we're putting on the table says, 'Let's build together a comprehensive picture of what's hitting the sector' . . . I believe that will start to change the way we think about cyber."
(COMMENT, BELOW)