Hospital Preparedness During Heightened Tension in the Middle East
Monday, January 06, 2020 3:30 PM
The Department of Health and Human Services (HHS) Assistant Secretary for Preparedness and Response (ASPR) released the following guidelines for hospitals and health care facilities to consider to ensure they are prepared for possible attacks on public infrastructure.
In collaboration with HC3, H-ISAC, DHS and the law enforcement
community, ASPR is actively monitoring an increase in malicious cyber activities
as result of heightened tensions between the United States and Iran. In the
past, the Iranian regime actors and proxies have initiated destructive
attacks against United States infrastructure; however,
there are currently no specific, credible threats against U.S.
Iran and their proxies have often employed "wiper" attacks that are more
destructive than ransomware or denial of service attacks. Yesterday, the Department for Homeland Security (DHS)
issued a statement encouraging all critical infrastructure operators to
familiarize themselves with Iranian Threat Group Tactics, Techniques
and Procedures (TTPs).
In light of this situation, ASPR strongly encourages the owners and operators
of Health and Public Health critical infrastructure to exercise a heightened
state of vigilance of their environment for potential increase of cyber
threats and be vigilant on both physical and cyber security:
Physical: Connect with law enforcement to ensure local threat
information-sharing, review and communicate business continuity and
response plans, refresh training and reporting procedures, and report
if you see something, say something.
Cyber: Review the cyber security fundamentals of your environment,
check offline back-up and recovery procedures, and review continuity of
operations plans (including those of the third-party service providers).
Additionally, critical infrastructure owners and operators are encouraged
DHS's tips and best practices on securing their online presence.
Anyone who has relevant information or suspects a compromise should
with copies of correspondence to HC3@hhs.gov and CIP@hhs.gov.
HHS has received questions about medical device vulnerabilities and patient
safety. Again, there is currently no specific, credible threat against
medical devices. Patients and providers concerned about their devices can find resources
and tips on the
Food and Drug Administration's Medical Device Cybersecurity website.
ASPR will continue to monitor the situation and provide further information
as necessary. Additionally, you can subscribe to the weekly Healthcare and Public Health Sector Highlights,
to receive the latest Cyber-related updates and information.