Attack Surface Management
,
Healthcare
,
Industry Specific
Health ISAC, AHA Bulletin Urges Entities to Bolster Physical, Cyber, Preparedness
Threats transmitted on social media intimating coordinated terrorist attacks on hospitals in mid-tier U.S. cities have industry authorities warning the healthcare sector to shore up physical and cybersecurity, as well as emergency management response plans.
See Also: AI, Cloud, and Cyber Threats: A Financial Sector Survival Guide
The Health Information Sharing and Analysis Center and the American Hospital Association in a joint alert published late Wednesday said they are working with the FBI and awaiting any additional details that can be shared with their members. Foreign terrorists generally don’t advertise upcoming attacks, but social media posts threatening a wave of violence against hospitals in cities with 100,000 and 500,000 residents “may encourage others to engage in malicious activity directed toward the health sector.”
As of Thursday, the AHA and Health ISAC were not aware of the existence of any additional information to corroborate the credibility of the threat or to conclusively assert that the threat is a hoax or misinformation, said John Riggi, national advisor for cybersecurity and risk at the AHA. “What we can say is that we are in daily communication with FBI headquarters, and they are actively and aggressively pursuing the alleged threat,” he said.
“Uncorroborated, but widely circulated ‘threats’ such as this always poses a dilemma for law enforcement and organizations like the AHA and Health ISAC,” Riggi said. “We don’t want to add any credibility to uncorroborated threat. But, we to need to proactively make the field aware of the existence of the threat and recommend reasonable measures to counter the possible threat,” he said.
The Health ISAC and AHA said that social media sightings about the potential threats include a post on X – formerly Twitter – by a user at American Kinetix, a global operational services support firm. That company’s website says its leadership is comprised of former CIA and Joint Special Operations Command veterans.
The post warns of a “highly credible threat” involving ISIS-K “actively planning coordinated, multi-city terrorist attacks on U.S. hospitals in the coming weeks.” Those attacks potentially include vehicle-borne improvised explosive devices followed by armed assaults and hostage scenarios, the post said.
“Intelligence suggests these attacks must occur before Al-Q’aeda’s planned aviation/D.C. attack, likely making hospitals a prelude to a larger-scale operation,” the post said, adding that high casualties are at risk. “These hospitals are soft targets – low security, high foot traffic and critical infrastructure.”
American Kinetix did not respond to a request for additional details.
The AHA and Health ISAC recommend that organizations review and evaluate the coordination and capabilities of physical security, cybersecurity and emergency management plans. “Also, increasing relationships with local and federal law enforcement may streamline response efforts during an attack,” the alert said.
“As we noted in the alert, a more visible security presence around hospital facilities may provide an additional level of security to deter this or other threats,” Riggi said.
“We are, out of an abundance of caution, suggesting hospitals maintain vigilance, without undue alarm,” he said.
The FBI did not immediately respond to Information Security Media Group’s request for comment on the potential threats.