Cybersecurity is top of mind for many organizations that work diligently to protect their intellectual property (IP) and consumers, and with good reason. On April 16, 2018, the Federal Bureau of Investigation (FBI) and Department of Homeland Security (DHS) issued a technical bulletin indicating Russian state-sponsored actors were targeting network infrastructure devices worldwide. The FBI has high confidence that Russian state-sponsored cyber actors are using the compromised routers to conduct man-in-the-middle attacks to support espionage, extract intellectual property, maintain persistent access to victim networks, and potentially lay a foundation for future offensive operations.
In addition, on March 23, 2018, the FBI announced the indictment of nine Iranians working on behalf of Iran’s Islamic Revolutionary Guard Corps (IRGC) at the Mabna Institute in Iran. It is alleged these individuals used cyber tactics to steal data from 144 U.S.-based universities and 176 universities based in foreign countries. The FBI also issued a technical FLASH bulletin in relation to this cyber threat. The defendants targeted data across all academic disciplines including medical research. This cyber threat and the stolen information may have serious implications across all critical infrastructure sectors, including the health care field and locations where sensitive medical research is being conducted.
These cases serve as a reminder that all organizations must remain vigilant and ensure the proper cybersecurity procedures and controls are in place and practiced. While the stolen information may not be retrievable, steps can be taken to mitigate the Mabna threat and other nation-state-sponsored cyber threats to academic medical centers, hospitals and health systems. This will help safeguard medical research and, most importantly, protect patients. Some of these mitigating procedures include:
- Using lengthy, complex passwords
- Limiting online contact information and presence, including social media presence of those organizations and individuals involved in conducting sensitive academic or medical research
- Using multi-factor authentication for both work and personal email, remote network access and sensitive database access
- Using a separate public-facing email address, in no way similar in structure or connected to your internal organizational email, for those individuals involved in sensitive research who must have a public presence
- Considering the practice of storing IP in encrypted databases that are network-segmented and have limited, monitored access
- Knowing who else has access to and stores your IP—such as business associates, other researchers, vendors and law firms
- Encrypting sensitive data at rest and in transit
- Refraining from storing sensitive data and research in email
- Having efficient and effective cybersecurity logging and incident alert capabilities
- Refraining from clicking on a suspicious or unexpected email or link
- Reviewing the included link to the FBI FLASH Bulletin for additional preventive measures recommended by the FBI
Adversarial nation states, like Iran and Russia, will continue to aggressively and broadly use cyber tactics and malware to steal sensitive intellectual property from the United States – targeting our government, private sector and academic community. By being vigilant and proactive, we can all play a part in preventing cyberattacks, which may threaten public health and safety, national security and economic security.