Today more than ever, millions of lives depend on the availability, accuracy, and integrity of healthcare networks as they treat patients, develop vaccines, and research medical solutions. The COVID-19 global pandemic is shining a spotlight on the critical role that healthcare research plays in national security, creating a unique opportunity to discuss the impact vulnerabilities have on this vital ecosystem. In the months since the outbreak of the virus, Chinese cyberespionage and advanced persistent threat (APT) attacks have spiked as adversaries targeted HHS and the wider medical sector in a broad campaign tailored to steal vital healthcare research. Around the world, nation-state and criminal adversaries are aggressively exploiting vulnerabilities in healthcare research environments to steal intellectual property (IP) and disrupt medical device performance. If leaders continue to eschew security and ignore the reality that their R&D is being targeted, organizations will face insurmountable financial harm, our economy will suffer, our national security will degrade, and patients’ lives will be lost.
In this publication, ICIT recommends that healthcare research stakeholders adopt holistic security controls that hold device manufacturers accountable to security requirements, incentivize security-by-design and train all personnel to be cyber hygienic by default. The research explores:
- Why is Healthcare Research Valuable?
- How Does the Theft of Healthcare Research Damages our Nation?
- Who is Stealing Our Healthcare Intellectual Property?
- Why are Research Environments Vulnerable to Attacks?
- How Can We Defend our Healthcare Research?
- What Resources are Available for Healthcare Research Community Resiliency?
The whitepaper was authored by:
- Drew Spaniel, Lead Researcher, ICIT
- Parham Eftekhari, Founder & Chairman, ICIT & Executive Director, The Cybersecurity Collaborative
ICIT would like to thank the following experts for their contributions:
- Dave Summit, CISO Moffitt Cancer Center and ICIT Fellow
- Cris V. Ewell, CISO UW Medicine and ICIT Fellow