Staff at the American Hospital Association (AHA) and Health-ISAC observed a social media post @AXactual made on X (formerly Twitter) related to the potential active planning of a coordinated, multi-city terrorist attack on hospitals in the coming weeks.
The AHA and Health-ISAC created a bulletin out of what official called “an abundance of caution” to spread awareness of the potential threat. The AHA and Health-ISAC are in close contact with the FBI regarding the threat and will provide additional information as it becomes available, according to an announcement from the AHA.
No information is available to either corroborate or discount this threat’s credibility. According to the AHA’s warning, “generally, foreign terrorist groups do not publicize their upcoming attacks. However, this widely viewed post may encourage others to engage in malicious activity directed toward the health sector, so threats of this nature should be taken seriously. Security teams should review emergency management plans and spread awareness of the potential threat internally.”
The AHA recommended that organizations review and evaluate the coordination and capabilities of physical security, cybersecurity, and emergency management plans. Also, increasing relationships with local and federal law enforcement might streamline response efforts during an attack.
In addition, staff and security teams should remain vigilant for any suspicious activity, as well as people or vehicles on organizational premises or in the vicinity of health sector facilities. If any are identified, it is advised to notify local law enforcement immediately.
The AHA and Health-ISAC recommend that teams review security and emergency management plans and heighten staff awareness of the threat. The Health Industry Cybersecurity Practices (HICP) is a set of guidelines and recommendations developed by the U.S. Department of Health and Human Services (HHS) to help healthcare organizations improve their cybersecurity posture. The HICP was created in response to the increasing threat of cyberattacks and data breaches in the healthcare sector, which has been a target for cybercriminals due to the sensitive and valuable nature of healthcare data.
