Written by Sean Lyngaas
The Department of Homeland Security’s cybersecurity wing says it has put heightened defense measures for health-care-focused organizations and research facilities in place as foreign government-backed hackers continue to try to steal U.S. coronavirus research.
“I just want you to know that we have stepped up our protections of [the Department of Health and Human Services] and [the Centers for Disease Control and Prevention] — our federally-funded research organizations,” Bryan Ware, assistant director of DHS’s Cybersecurity and Infrastructure Security Agency, told industry executives Friday. “[We’ve] significantly accelerated that work.”
CISA is regularly scanning the internet-connected devices of top pharmaceutical companies and research institutions for vulnerabilities and trying to get them fixed quickly “because we are seeing adversaries that are targeting them right now,” Ware said on a webinar focused on CISA contracting opportunities.
Ware cited efforts by China and other unnamed governments to target vaccine research, echoing recent warnings from CISA and the FBI. China has denied the allegations. On Thursday, the FBI offered U.S. companies new details on the scope of hacking during the coronavirus pandemic, describing ongoing efforts to steal “proprietary research of U.S. universities and research facilities.”
“We’ve been concerned about ransomware that we’ve seen overseas in the Czech Republic and Germany and elsewhere amongst our allies,” Ware said, apparently referring to a March cyberattack on a Czech hospital and the breach earlier this month of a Germany-based health care conglomerate. “We’ve been doing a number of things to try to prevent that ransomware scenario in the U.S. that might interrupt our ability to deliver health care.”
The coronavirus, which has strained federal resources while killing over 95,000 people in the U.S., has shifted many CISA analysts to focus on pandemic-related hacking threats.
“We pivoted our organization the first quarter of this year to really helping the nation with this COVID response,” Ware said of the cybersecurity division within CISA that he leads. “There’s nowhere that said that pandemic response was within our job, but we realized very quickly that our adversaries…whether they’re state actors or criminal actors, that they could present great risks to [the U.S.].”
CISA, he said, has “been very aggressive [in] working with law enforcement” to take down the slew of malicious web domains that criminals have created to try to scam people during the pandemic.
The agency has also leaned on a group of volunteers — analysts at cybersecurity companies around the world — to develop closer ties with health care organizations and alert them of hacking threats.
“We are literally engaged with hundreds of hospitals and health care companies and pharmaceutical companies that weren’t even on our radar screen in January,” Ware said.