/* ---- Google Analytics Code Below */

Wednesday, November 16, 2022

Proposing a Digital Red Cross

An attempt to make healthcare institutions more secure.  

Interesting, but we note that Bruce Schneier has a number of cautions about the idea.   With lots of additional expert comment at the link.

Red Cross Wants Digital Symbols to Deter Hackers From Healthcare Institutions

The international organization proposed three options that could serve as a digital equivalent of the red cross symbol

The International Committee of the Red Cross proposed creating a digital equivalent to its distinctive red symbol to warn off hackers who attempt to break into medical institutions’ networks. Such a digital emblem would deter some but not all hackers, Red Cross advisers say, at a tie when hospitals are frequently hit with cyberattacks.

The emblem wouldn’t provide technical cybersecurity protection to hospitals, Red Cross infrastructure or other medical providers, but it would signal to hackers that a cyberattack on those protected networks during an armed conflict would violate international humanitarian law, experts say, Tilman Rodenhäuser, a legal adviser to the International Committee of the Red Cross, said at a panel discussion hosted by the organization on Thursday.

“No one should mistake it as a silver bullet, it’s simply a symbol of protection,” he said.

Dozens of hospitals have been hacked worldwide during the pandemic. Chicago-based CommonSpirit Health, which operates more than 140 hospitals across 21 U.S. states, was hit with ransomware last month, resulting in outages of electronic medical records and patient portals. Surgeries and other procedures were disrupted at CHSF Hospital Centre near Paris after a ransomware attack in August. Ransomware gangs target hospitals because they provide critical services and are therefore more likely to pay to restore their technology systems, experts say.

Since February, when Russia invaded Ukraine, several healthcare providers have suffered cyberattacks, according to the CyberPeace Institute, a Geneva-based organization that provides cybersecurity assistance to nonprofits.

CyberPeace Institute, which tracks cyberattacks on Ukraine and its allies, says four such incidents occurred at healthcare institutions in Ukraine between February and October, including three low-level attacks on hospital websites, and five in Estonia and other countries that provide support to Ukraine.

“There has been absolutely no restraint on attacking healthcare since the beginning of the invasion,” said Stéphane Duguin, CyberPeace Institute’s chief executive.

Red Cross analysts and external cybersecurity experts proposed three digital symbols Thursday: a file on each of the hospital’s computers or devices, an emblem built into web domain names, and code associated with the IP addresses of medical facilities. The Red Cross and its cyber advisers worked for more than two years on the project.  ... '

No comments: