I recently had a conversation with Scott Wolff, President and owner of LanServ, a St. Louis IT and managed service provider. Scott was a recent guest expert for an MPA webinar that discussed HIPAA Security Risk Assessment and cybersecurity.
I asked Scott whether there has been an increase in cyber threat activity as a result of the Russian invasion of Ukraine. Surprisingly, Scott has so far found a significant decrease in hacker activity with his clients. Maybe all the hackers are focused on Russia and Ukraine, but regardless of the reason, it is very easy for organizations to let their guard down.
Coincidentally, the same thing was discussed earlier this week with some members of Congress who received a briefing on the elevated Russia cyber threat to the US. Former Cybersecurity and Infrastructure Security Agency (CISA) Director Chris Krebs led the briefing, which was closed to the public. The Washington Post was able to speak to Krebs after the briefing. He is worried about complacency. He told the Post, “We have been talking with some alarm for weeks, if not months, about the potential Russian threat and fatigue is real and the desensitization to ongoing activities that are happening elsewhere is real.”
Krebs also described “the Russian cyberthreat as especially elevated now because Putin has already demonstrated he’s willing to cross Western red lines by invading Ukraine.”
I agree with Krebs. Even though cyberattacks have not yet occurred against the United States, organizational efforts to improve cybersecurity should continue and be responsive to new threats. This is especially true for critical infrastructure entities, including health care providers.
I asked Scott Wolff, President/Director of IT Operations for LanServ, Inc., for his take on the situation:
The current reduction in cyber security events started a few weeks ago, and appears to coincide with the Russian invasion of Ukraine. To many of us this may provide a much-needed break from responding to the high volume increase in cyber security events over the last few years, and thus take the time to kick back and breathe a little bit.
However, I am approaching this temporary reduction in events as a “quiet before the storm scenario.” Currently, I am spending even more time than normal implementing additional security measures, as well as learning from the Russian cyber-attacks against Ukraine to build future cyber defenses should these same cyber-attacks be used against us. There is no better time than now to assess your overall network system security, and user password hygiene before the storm potentially heads back this way.
What you can do
Discuss cyber threats with your IT team or managed service provider. The Cybersecurity and Infrastructure Security Agency (CISA) provides security updates and free resources. With a high threat level, now is the perfect time to update your HIPAA Security Risk Analysis.