This week the Congressional Research Service (CRS) published a report on “The Change Healthcare Cyberattack and Response Considerations for Policymakers”. The report provides a brief look at the BlackCat ransomware attack on Change Healthcare and the widespread consequences of that attack. It concludes by introducing a new term to cybersecurity considerations: ‘information parity’.
The author makes the point that following the FBI takedown of the BlackCat infrastructure, the ransomware organization re-grouped and encouraged its affiliates to attack hospitals and other healthcare organizations. While a number of hospitals were successfully attacked, the attack that caused the most disruption and political notice was the one on Change Healthcare. Almost certainly, that disruption was because the immediate response to the attack was to shut down all cyber systems to stop the potential spread of the ransomware. As the report notes, there is a similarity here to the attack on Colonial Pipeline: “Both attacks began with ransomware, led the victim to disconnect systems thereby causing operational disruptions, which resulted in physical consequences.” The physical consequences here were to interfere with the delivery of prescriptions to many people across the country.
In addition to a discussion about policy issues revealed by this attack, the report looks at three information parity problems raised by this incident (information parity in this case meaning government agencies having access to the same level of detail about the situation when making agency decisions):
• Coordination of offensive and defensive actions,
• Knowledge of conditions in decision making, and
• Information sharing reach.