Staying Cyber Alert and Cyber Ready

As the world has learned in recent years, today’s conflicts are fought with many weapons, and cyber warfare is an integral part of the arsenal.

As of this writing, we are not aware of specific, credible threat information targeting U.S. health care related to the ongoing conflict with Iran. The FBI, along with our nation’s other premier intelligence agencies, is closely monitoring the threat meter and doing all within their power to protect America’s entire cyber infrastructure from attack. The AHA remains in close contact with the FBI and other federal agencies.

At the same time, hospitals and health systems should take proactive steps to protect their systems and be ready to respond should a cyberattack occur. This is important because there continue to be cyberattacks on hospitals and health systems, some of which have been thwarted because of increased vigilance on the part of providers.

Protecting patients, providers, and the systems and equipment that make great care possible has been an intense focus of the AHA. We have worked closely with both private sector and federal partners to coordinate information, guidance and suggestions to help achieve that goal.

The AHA’s cybersecurity and risk advisory resource page  offers a comprehensive array of frequently expanded and updated resources to assist providers with maintaining heightened physical security and cybersecurity vigilance in the face of the sophisticated tactics of motivated bad actors.

There are tools to help assess an organization's cyber readiness and identify vulnerabilities that require attention, as well as recommendations to ensure you can maintain clinical and operational continuity for at least 30 days without critical technology, keeping patients safe and care ongoing.

We also have worked to make available tools and support to help rural hospitals,  which often have limited resources, to prepare for and mitigate cyberattacks through Microsoft’s Cybersecurity Program for Rural Hospitals.

In addition, the AHA has established a Preferred Cybersecurity & Risk Provider Program to identify trusted providers with vetted services that can help hospitals and health systems protect their patients and operations from cyberattacks and physical threats.

We urge you to draw upon all of these resources as you tailor a cyber risk assessment and response plan aligned to your organization’s particular needs.

As we continue to prepare for the possibility of cyberattacks, including those backed by state sponsors, it is important to remember that cyber defense involves a whole-of-nation approach; no hospital or health system should try to go it alone.

Contact your local law enforcement for any indication of suspicious physical activity and your local FBI field office if there is any indication of suspicious cyber activity.

And please reach out to the AHA if you need help. For more information, contact John Riggi, AHA national advisor for cybersecurity and risk, at jriggi@aha.org, and Scott Gee, AHA deputy national advisor for cybersecurity and risk, at sgee@aha.org.