Healthcare providers of all sizes need another level of protection for their online systems. As tensions rise in the Middle East, cyberattacks are likely to increase on all forms of US infrastructure, including healthcare. These attacks are serious as they are likely sponsored by groups like The Islamic Revolutionary Guard Corps (IRGC) of Iran.
We’ve had two recent warnings of this threat:
- On October 13, 2023, the US National Security Agency (NSA) warned of increased cyber threats from state-sponsored actors in the Middle East.
- On October 27, 2023, leading security firm Mandiant released a report stating that it had observed increased activity from Iranian-affiliated hacking groups in recent months.
Many healthcare systems would not even stand up against attacks by lower level criminal groups, let alone state sponsored ones. So if any of your healthcare clients have not taken up Cyber Liability Insurance, we suggest you again recommend it to them, with a new level of urgency. This is not an idle threat, the Islamic Revolutionary Guard has been very active lately, after initially targeting US healthcare providers in 2016.
Here is the background story:
A startling discovery
In 2016, A cybersecurity investigator at Google subsidiary, Mandiant, made an alarming discovery. The malware that had just been used in a large scale cyber attack on healthcare providers looked somewhat familiar. When he inspected in more closely, he found the same code had been used previously, in attacks against infrastructure projects. But more alarming was the organization behind this malware: The Islamic Revolutionary Guard Corps (IRGC) of Iran.
The investigator’s findings were a major breakthrough in understanding the Iranian government’s involvement in cyber attacks against US healthcare providers. The findings also showed that the IRGC was developing new and sophisticated malware that could be used to more effectively target healthcare organizations.
Taking it to a whole new level
The following year, the IRGC took these attacks to a whole new level, launching a major cyber attack against the US Department of Health and Human Services (HHS). The attack disrupted the HHS website and compromised the personal information of over 22 million people.
This time it was attributed to a group of hackers known as ‘Charming Kitten’, but investigators immediately recognized the prints of the IRGC, making ‘Charming Kitten’ another of Iran’s many state-sponsored hacker groups.
‘Charming Kitten’ used a variety of sophisticated methods to gain access to the HHS website, including phishing attacks and exploiting software vulnerabilities. Once they had access to the website, the hackers compromised the personal information of millions of Americans, including Social Security numbers, dates of birth, and contact information.
Aside from being a major embarrassment for the US government, the HHS website attack represented a new level of sophistication — a significant breach of security and it demonstrated that Iranian hackers are capable of targeting and compromising even the most sensitive US government systems.
In 2020, Iranian hackers again targeted a number of US healthcare providers, including hospitals and clinics. The hackers used ransomware to encrypt the providers’ computer systems, demanding a ransom payment in exchange for the decryption key.
This time, the attacks were attributed to a group of hackers known as ‘NetWalker’ but again, investigators found the level of sophistication too great for it to be just another criminal group. Evidence pointed to Netwalker being another state sponsored IRGC affiliate.
The attacks 2020 attacks caused a significant disruption to US healthcare services. Many providers had to delay or cancel appointments, and some even had to divert patients to other hospitals.
A similar attack was conducted against another hospital in 2022, causing the same kind of disruptions.
“rapidly accelerating” cyberattacks
In May this year, Microsoft announced that Iran had been “rapidly accelerating” cyberattacks since mid-2022. The tech giant attributed 24 cyber operations since June 2022 to Iran’s so-called ‘Cotton Sandstorm’, which the U.S. Treasury had also linked to cyberattacks on the 2020 presidential election.
As geopolitical tensions continue to escalate between the United States and Iran, the IRGC is expected to ramp up attacks on US Infrastructure, including healthcare providers. With this looming threat in mind, we urge commercial agents who are responsible for advising healthcare and senior living providers, to address the need for comprehensive Cyber Liability Insurance as a matter of urgency.
With IRGC sponsored groups, we are not simply dealing with opportunistic criminal gangs. These are state sponsored hackers, with all the resources of the Iranian government behind them, using extremely sophisticated methods to access online systems. Just being vigilant with internet security is not enough.
This is why we work with carriers who go beyond just offering traditional coverage. They include comprehensive security advice and vulnerability testing in their policies. So if any of your healthcare clients have not yet taken up Cyber Liability Insurance, we urge you to recommend it with renewed urgency.
Agents need to double down and ensure their clients have Cyber Liability Insurance as a matter of urgency.
Get a Quote Now
Get a Cyber Liability Insurance quote for your client or contact Westwood and find out how much our Carriers are committed to preventing cyber attacks now.