Virtual army rising up to protect health care groups from hackers

Virtual army rising up to protect health care groups from hackers
© The Hill illustration/Madeline Monroe

As the world continues to grapple with the COVID-19 pandemic, a related crisis has emerged. 

Hackers are taking advantage of the increased reliance on networks to target critical organizations such as health care groups and members of the public, stealing and profiting off sensitive information and putting lives at risk. 

But cyber criminals are increasingly coming up against an army of information security professionals worldwide, who have come together over the past months to fight a quiet daily war online to block the efforts of hackers.

ADVERTISEMENT

One network of these white hat hackers is the nonprofit COVID-19 CTI League, which is made up of more than 1,400 volunteers in 76 countries and 22 different time zones from sectors including information security, telecommunications and law enforcement. 

The group’s goal is to thwart efforts by criminal organizations to dismantle critical systems, including those that overworked hospitals rely on to ensure treatment for patients suffering from COVID-19. 

Marc Rogers, the executive director of cybersecurity at software group Okta and one of the leaders of the CTI League, told The Hill that the mobilization of internet security professionals during the pandemic made him optimistic about fighting back. 

“There is a literal army of infosec people out in the community who are working to protect these establishments,” Rogers said. “We haven’t seen any catastrophic situations yet, and I’m quietly hopeful that that’s because of the proactive work that all of these groups are doing.”

The group was only established in early March but has grown by leaps and bounds as members have quickly joined in the effort to defend vulnerable systems from attack. 

According to an initial progress report published by the group this week, members have assisted law enforcement in taking down almost 3,000 cybercriminal assets online, and identified more than 2,000 cyber vulnerabilities at hospitals, health care groups and supporting facilities.

ADVERTISEMENT

The CTI League is not the only new group formed in order to address increasing cyber threats. 

C5 Capital helped bring together and form the Cyber Alliance to Defend Our Healthcare last month. The group was formed after cybersecurity portfolio groups managed by C5 began reporting spikes in cyberattacks on both the United Kingdom's and Sweden’s health systems, and is currently made up of over a dozen top cybersecurity groups lending their skills to defend these networks. 

“We were beginning to get calls from all over Europe in particular that there was a significant escalation in cyberattacks from March onward,” C5 Founder Andre Pienaar told The Hill. “We decided we had to do something to help, and launched the Cyber Alliance to Defend Our Healthcare as part of a transatlantic effort to protect the crucial care provided by hospitals and clinics.”

And health care organizations, where IT staffers are overworked and on the front lines of the COVID-19 pandemic, desperately need these protections. 

The World Health Organization and the Department of Health and Human Services were among health agencies targeted by hackers in March, while an FBI official said last week that the agency was receiving between 3,000 and 4,000 cyber crime reports every day, up from a usual average of 1,000 per day. 

Ransomware attacks have increasingly become a method of choice for hackers, who according to Pienaar and other officials include both cyber criminal organizations and those backed by nation states. 

Ransomware attacks, which involve locking up a system and demanding payment, hurt operations at the second largest hospital in the Czech Republic and an Illinois health agency in recent weeks. International police agency Interpol issued a formal alert this month warning hospitals in its 194 member states that these attacks may increase. 

“We have seen a significant escalation in the size or ransom,” Pienaar said. “Before it was in the range of $5 million, and have seen a significant increase to more like $15 million.”

Rogers described the current situation as a bonanza for hackers looking to make money, but emphasized that cyber criminals were now going up against those intent on blocking them. 

“I would say the only comparable analogy in my head is during world wars, we saw the same kind of civilian army rising to defend their country,” Rogers said. “This led me to calling this World War Cyber, everyone sees the same threat, everyone realizes they have to put aside their differences, they need to break down barriers.”

The civilian information security groups are not alone in their fight against cyber criminals. 

A key feature of the work of these groups is maintaining contact with law enforcement, working hand-in-hand to fight and block hackers, including working with the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) at the Department of Homeland Security. 

ADVERTISEMENT

CISA Director Chris Krebs told The Hill in a statement on Tuesday that there will only be an increase in cyberattacks connected to the pandemic, and that he “looked forward” to continuing to work with groups like CTI in the fight to defend against hackers. 

“We have seen, and are likely going to continue to see, an increase in bad guys taking advantage of the COVID-19 pandemic to target businesses, governments and individuals alike. CISA is working around the clock with our public and private sector partners to combat this threat,” Krebs said. 

Krebs praised the CTI League, saying its work “has helped disseminate indicators of compromise to network defenders, improve vulnerability management in the nation’s medical infrastructure, and manage supply chain risks in the medical sector.”

And Capitol Hill has taken notice of threats posed to health care groups and other critical organizations.

Democratic Sens. Mark WarnerMark Robert WarnerGrenell says intelligence community working to declassify Flynn-Kislyak transcripts McConnell gives two vulnerable senators a boost with vote on outdoor recreation bill The Hill's Coronavirus Report: Mnuchin sees 'strong likelihood' of another relief package; Warner says some businesses 'may not come back' at The Hill's Advancing America's Economy summit MORE (Va.), Ed MarkeyEdward (Ed) John MarkeyOVERNIGHT ENERGY: New documents show EPA rolled back mileage standards despite staff, WH concerns | Land management bureau grants 75 royalty rate cuts for oil and gas | EPA employees allege leadership interference with science in watchdog survey EPA's Wheeler grilled by Democrats over environmental rollbacks amid COVID-19 Markey says EPA administrator should apologize to minorities for coronavirus response MORE (Mass.), and Richard Blumenthal (Conn.), along with Republican Sens. David Perdue (Ga.) and Tom CottonThomas (Tom) Bryant CottonChinese official accuses US of 'pushing our two countries to the brink of a new Cold War' Sunday shows preview: States begin to reopen even as some areas in US see case counts increase Senate Republicans call on DOJ to investigate Planned Parenthood loans MORE (Ark.), sent a joint letter on Tuesday to both CISA and U.S. Cyber Command urging the agencies to take action to prevent cyberattacks on hospitals and research groups involved in fighting the spread of COVID-19. 

“During this moment of national crisis, the cybersecurity and digital resilience of our healthcare, public health, and research sectors are literally matters of life-or-death,” the senators wrote. 

ADVERTISEMENT

Pienaar saw the dual focus on cyber threats by government, law enforcement and the private sector as key to addressing cybersecurity vulnerabilities. 

“I think it’s crucially important from a national security point of view, from a law enforcement point of view, to combat the pandemic that cybersecurity of the health care sector gets properly attended to and that we build a strong public-private partnership behind it, and the private sector does it all it can to protect our governments,” Pienaar said. 

Regardless of when the COVID-19 pandemic ends, both Rogers and Pienaar were optimistic about the future of the virtual army built to defend critical networks, with Rogers saying it could be used to help defend elections or during other potential crises. 

“What we’re thinking about is ‘how do we keep this going,’ because we have achieved so much,” Rogers said. “It would be so amazing if we could put together this group ... good guys could come together and counterattack, I think if we could achieve that we would make the internet a much safer place.”