By Ian Roe, Cyber Security Specialist at Department of the Environment, Climate and Communications
Covid-19 has and is challenging society to adapt and respond in order to mitigate the virus. Our Health and Social Care Services have and will continue to lead the way in driving the public health response to COVID-19. The Health Sector in Ireland has a range of measures in place to safeguard critical services. However, the possibility of cyber security incidents impacting patient care cannot be ruled out.
The National Cyber Security Centre (NCSC) is one of a number of entities who support stakeholders in the Health Sector. The NCSC assist critical national infrastructure operators in responding to the technical and organisational aspects of cyber security incidents among a portfolio of services such as malware analysis and vulnerability notification.
The Cyber Assistance Scheme was established to harness the collective expertise of the cyber security industry in Ireland and while COVID-19 is first and foremost a medical and human challenge, the Cyber Security community has shown itself willing to contribute to the national response effort.
The Health Sector Threat Landscape
The Health Sector, in common with other sectors, experienced an increase in phishing attempts at the onset of COVID-19. In the midst of this pandemic, stakeholders are adapting and evolving services to support the delivery of critical services.
Internationally, there have been a number of cyber security incidents affecting the Health Sector this year, including the ransomware attacks on the University Hospital Düsseldorf in Germany (more information) and the Brno University Hospital in the Czech Republic (more information).
In the case of the attack on the University Hospital Düsseldorf, the unavailability of IT systems due to the ransomware attack meant that the hospital was unable to accept emergency patients for a period of time; the patients had to be rerouted to other hospitals which in one case may have directly resulted in the death of a patient. The attack on the University Hospital Düsseldorf, unfortunately, illustrates the potential impact of cyber related incidents on the provision of patient care.
More recently, the United States Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) issued a joint advisory on an imminent ransomware threat to the US Healthcare and Public Health Sector (more information). The advisory related to healthcare organisations in the United States who it indicated are being targeted with Ransomware, most notably Ryuk and Conti. Although primarily focused on the US, Ryuk has previously targeted entitles across Europe.
To assist in the national effort, the NCSC and Cyber Ireland engaged with stakeholders from the Health Sector to develop a targeted short term scheme to facilitate the rapid access by Healthcare providers to industry cyber security expertise, if they find themselves victims of a significant cyber security incident.
The Cyber Assistance Scheme
The Cyber Assistance Scheme mirrors the objectives of similar initiatives launched within Europe and beyond with some local adaptations. It is based on a collaborative model involving stakeholders across government, industry and, most importantly, the Health Sector, who will remain the lead stakeholder throughout any notified incident. The scope of the scheme extends to Hospitals, laboratory facilities and Healthcare organisations with responsibility for the management of COVID-19.
How it works
The Cyber Assistance Scheme will, if called upon, respond to cyber security incidents such as ransomware and denial of service attacks that impact the Healthcare providers’ ability to deliver critical services. The initial hours of a cyber security incident are often critical. An efficient and quick response is required to safeguard services, and it is in these early phases that the Cyber Assistance Scheme is intended to provide support although circumstances may differ in each specific case.
The NCSC in collaboration with our partner in this initiative, Cyber Ireland, launched the Cybe earlier this year asking the cyber security community to join the national effort by offering their expertise and skills on a no-fee basis in meeting this challenge.
Cyber Security experts from across the Health sector and the broader cyber security industry responded to the call and this is an illustration of how the cyber security community are prepared to collectively contribute when called on. The Cyber Assistance panel includes cyber security practitioners from a cross-section of roles such as Threat Response Analysts, SOC Managers, Lead Information Analysts and Incident Response Leads.
While the panel is composed of individuals in many cases, it is important to recognise that a number of organisations through their social responsibility programs sponsored their employees to participate in this initiative.
We should also highlight that the Health sector have measures in place and with the dedication of its employees can respond to and manage cyber security incidents now and into the future.
Similarly, there are state bodies and entities, such as the NCSC, who can and do provide assistance to stakeholders on an ongoing basis in order to protect critical services. At this unprecedented time, the Cyber Assistance Scheme is intended to supplement existing structures already in existence.
The cyber threat landscape is evolving and will continue to do so into the future. The need for vigilance is required which is shown by recent and ongoing events. By cooperating as a broad cyber security coalition in partnership with governmental authorities and Health services, we can work together to safeguard critical services for the benefit of all citizens.
If you have experience in responding to cyber security incidents, then please consider joining us in this initiative. You can reach us at [email protected],