It sounds like a nightmare: A targeted piece of malware infects computers and devices, temporarily shutting down critical technologies used in the healthcare community.
As the malware begins to be contained, a natural disaster hits the region. As people in need of help flood into medical centers, researchers discover additional concerns inside the malware’s code. This type of attack is known as a “blended threat”: a natural, accidental, or purposeful combination of a physical incident with a cyber incident.
Thankfully, this is not a real event but just one of the threat scenarios that the National Health Information Sharing and Analysis Center (NH-ISAC) will use in its 2018 Blended Threats Exercise Series, being held this summer and fall in different locations around the country. This six-event series will bring together cyber security leaders from the healthcare industry to work through different scenarios and to learn how to handle blended threats, understanding their complexity and potential impact.
These scenarios were developed based on a threat-informed, risk-based understanding of the current and emerging threat environment, with consideration given to recent incidents such as major ransomware outbreaks.
“These exercises will stress participants to consider threat-informed, emerging security challenges that organizations should be proactively preparing for,” said Denise Anderson, President, NH-ISAC. “Considering blended threats and the need to coordinate with multiple parts of the organization, these workshops should allow for candid, respectful insights, ideas and challenges from participants, to help all involved further develop their security programs and preparedness.”
A Needed Discussion
While such a worst-case scenario might seem unlikely, it is still eminently possible. There have been 165 cyber incidents reported through the Department of Health and Human Services’ Office of Civil Rights Breach Portal during the first half of 2018, affecting more than 3.2 million individuals.
Both April and May saw the highest numbers of reported incidents this year, with more than 800,000 individuals affected each month. While these numbers do not cover a long enough period to establish a trend, they are alarming on their own. NH-ISAC helps healthcare organizations share threat information that could aid in this fight to reduce breaches.
As cyber threats continue to evolve, healthcare organizations need to stay abreast of not only the threats but also the industry best practices to combat them. This includes both cyber and physical threats, which pose different problems and require different approaches from healthcare providers.
Symantec is proud to take part in this program. We take great pride in our partnership with NH-ISAC and see information sharing among healthcare organizations as a valuable part of a comprehensive overall cyber defense.
To help with the planning and response to potential blended security incidents, this series of exercises will include the following:
- August 28: Gilead Sciences – Foster City, CA
- September 10: Christiana Care Health System – Newark, DE
- October 2: Philips Healthcare – Alpharetta, GA
- October 4: Johns Hopkins Univ. Applied Physics Lab – Laurel, MD
- November 19: Cedars Sinai Medical Center – Los Angeles, CA
The first event was held July 25 at Boston Scientific in Maple Grove, Minnesota. The early feedback has been positive, as attendees worked through a blended scenario localized to their specific area. They were able to discuss the challenges, but more importantly think about the different aspects of a blended attack and how they impact one another.
These scenarios present not only an opportunity for healthcare leaders to share their thoughts on how to manage difficult situations, but also a time to think outside the box. As cyber threats continue to evolve, so must those who defend against them. These exercises will provide an opportunity to hold those conversations, along with so much more.
While these scenarios are difficult, they will be discussed in a low-stress environment. The goal is to facilitate a conversation about best practices, not to hold attendees’ feet to the fire.
“We want them to walk away more aware of the types of threats and challenges they may face, while better knowing their professional colleagues. The goal is to return to their organizations with knowledge to enhance their security and resilience,” Anderson said. “We want them to really think about all of the possible scenarios they could encounter along with the impacts and consequences.”