The United States, along with much of the world, finds itself battling two pandemics: the COVID-19 crisis, of course, but also the cyber pandemic that has proliferated across the globe.
In the healthcare industry, some hospitals have been hobbled for weeks at a time and at least one patient has died because of the scourge of ransomware.
The cyberattacks have become so frequent and commonplace that it's worth asking whether ransomware, as many suspect is happening with SARS-CoV-2, is already moving from pandemic to endemic status.
"Ransomware, I think, has become the greatest challenge for most organizations," said retired Admiral Michael Rogers, former director of the National Security Agency and the former commander of U.S. Cyber Command, in a recent interview with Healthcare IT News.
"Healthcare [is] an incredibly attractive target in the middle of a pandemic," said Rogers, who will be speaking next month at HIMSS21 in Las Vegas. "And criminals are aware. That's one reason why you've seen a massive uptick, particularly focused on healthcare in the past 18 months from a ransomware activity perspective."
Indeed, since the early days of the pandemic (not counting the vanishingly small window when the prospect of a hacker "ceasefire" was dangled) the bad guys have been hard at work, targeting the World Health Organization and COVID-19 testing sites, academic research facilities and vaccine distribution supply chains.
Their targets have also included hospitals and health systems of all shapes and sizes. Meanwhile, the size of the ransom demands is climbing skyward.
"It's gotten worse," said Rogers, who served under Presidents Barack Obama and Donald Trump. Rogers served at NSA and U.S. Cyber Command concurrently for four years before retiring in 2018.
"For a couple of reasons. Number one, the criminal segment has become much more aggressive," he said. "Why? There's a lot of money. There's a lot of money for criminal groups to be made. I may not want to pay the ransom, but I can't afford interruption or degradation of my services or operating ability to help in the middle of a pandemic. I've got to keep going."
Number two? "In the last three years since I left, nation states' risk calculus has become even more aggressive. They are willing to take even greater risks."
That's not just with ransomware. Recent headlines have shown just how far foreign cyber crooks have been willing and able to intrude upon U.S.-based information networks: not just the DNC and the RNC, or Sony, but a wide array of federal agencies and private companies large and small.
Rogers points specifically to the SolarWinds and Microsoft Exchange server exploits, which stunned even seasoned cybersecurity professionals in their sheer size, scope and brazenness.
Meanwhile, ransomware seizures such as the Colonial Pipeline hack have helped bring the threat into sharp focus.
Finally, the president and Congress are paying attention, and federal security agencies seem willing to give as good as they get.
"On the positive side, there is clearly a sense that we are not where we need to be, and that it's going in the wrong direction," said Rogers.
But he says he is frustrated that the cybersecurity problems are not only persisting, but worsening.
A big reason for that is that the current state of incident prevention and response, especially when it comes to the interrelation of the public and private sectors, "has failed to deliver for over a decade," said Rogers. "I only speak for myself. But my frustration is: Why do we keep doing the same things and expect a different result?"
Sure, there are valuable organizations such as H-ISAC, the Health Information Sharing and Analysis Center, which specializes in "crowdsourced" cybersecurity, sharing threat intelligence and other best practices for protection and risk mitigation. And yes, the CISA, FBI, HHS and other agencies are good about getting out alerts and warnings to the healthcare stakeholders that need to hear them.
But too often, "the government will do its thing, the private sector will do its thing," said Rogers. "As we see things we think might be of interest to the other, as we have the time, and as we have the inclination, we'll share those insights.
"Everyone is so busy, quite frankly. Most organizations don't have time to think about it. They are just trying to defend their own systems, their own intellectual property, their own data."
To truly measure up against the scope of the cyber threat to healthcare and all industries, "I just think we've got to have a different model," he said.
"It's not about collaboration," Rogers explained. "To me, it's about integration. We've got the government and the private sector. We've got to team together 24 hours a day, seven days a week."
He acknowledged, "You can't do this at scale across every business within the private sector. But can't we start with a few sectors where the risks to our economy, to the safety and wellbeing of our citizens, to the security of our nation? Let's pick a few areas, and do some test cases, and see if a different model might produce a different result."
There are some "great examples out there where we have applied a government and private-sector model and achieved some amazing results," said Rogers.
For instance, he said, "We decided as a society that the potential loss of literally hundreds of people in an aviation accident represented such a risk that we needed to do something different."
"So we created mechanisms: Every time there is an aviation accident, the federal government steps in. It partners with the airplane manufacturer, the airline that operated the aircraft, the union, et cetera. It pores over all the maintenance records. It pores over the production history of the aircraft. It looks at all the software and the hardware. It looks at how it was operated. It determines the cause of the crash.
"And then it goes a step further," he added. "It mandates that we're going to change maintenance. Sometimes we're going to change production. We're going to change the way we do software, we're going to change how the aircraft is operating.
"The net impact is we are flying more aircraft with more people than we ever have, and yet aviation safety has actually been very strong. While we have aviation accidents, they tend not to be recurring patterns, the same cause over and over."
Compare that with cybersecurity, where we've been seeing the same techniques used by the bad guys "working over and over and over," he said.
"We have got to get to a point where the pain of one leads to the benefit of the many," said Rogers. "And yet what is happening now? The pain of the one is not shared. We don't learn from it. And so it is repeated over and over and over again. We have got to change that dynamic."
Admiral Michael S. Rogers will offer more insights at HIMSS21 as a participant in the keynote panel discussion, Healthcare Cybersecurity Resilience in the Face of Adversity. It's scheduled for Tuesday, August 10 from 8:30-9:30 a.m. in Venetian, Palazzo Ballroom.
Twitter: @MikeMiliardHITN
Email the writer: firstname.lastname@example.org
Healthcare IT News is a HIMSS publication.