CHA News

Hospitals Alerted to Potential Cyberattacks by Iran

For CEOs, CIOs

This post has been archived and contains information that may be out of date.

Following a U.S.-led airstrike last week that killed a leading Iranian general, the federal government believes cybersecurity to be among the highest risks of Iranian retaliation. The American Hospital Association (AHA) yesterday alerted hospitals and health systems to remain vigilant about their data, systems, and networks.

“If cyberattacks against other U.S. critical infrastructure or entities occur, collateral damage or disruption to health care operations may result,” the AHA statement said.

Hospitals and health systems should be especially vigilant about:

  • Patching critical cyber vulnerabilities, especially those present in medical devices or mission-critical systems  
  • Possible spear phishing emails and/or attachments
  • Email security, intrusion detection, and response systems
  • Dependencies and cybersecurity of network-connected systems such as power supply, HVAC, and access control systems
  • Backup security, redundancy, and restoration times – ensuring backups are offline, with multiple copies on site and cloud-based, on different media types
  • Cybersecurity requirements and dependencies on vendors that have remote or direct access to sensitive data, operations, backups, and locations. Identify high-risk vendors – and their subcontractors – especially those based overseas.
  • Cyber incident response plans, incorporating a designated cyber response firm and local FBI Cyber Task Force point of contact