U.S. hospitals are being urged to strengthen cybersecurity defenses amid concerns that escalating tensions involving Iran could trigger cyberattacks targeting healthcare systems, Healthcare IT News reports.
The Health Information Sharing and Analysis Center (Health-ISAC), a nonprofit that shares cybersecurity intelligence with the healthcare sector, said hospitals should prepare for the possibility of distributed denial-of-service (DDoS) attacks — cyber incidents designed to overwhelm websites or online systems and disrupt operations.
| READ NEXT: Cybersecurity for EMS agencies on a budget
While Health-ISAC said it is not aware of any specific or credible threats targeting U.S. hospitals, officials warn that geopolitical conflicts are often accompanied by increased cyber activity from hacktivist groups sympathetic to one side or another.
“History shows that major military escalations are often accompanied by an uptick in DDoS activity and noisy hacktivist operations,” Errol Weiss, Health-ISAC’s chief security officer, told Healthcare IT News.
DDoS attacks typically flood servers with traffic, making systems such as hospital websites, patient portals or remote access tools unavailable, creating operational challenges for healthcare organizations.
Health-ISAC said hospitals should focus on protecting internet-facing systems, including patient portals, virtual private networks (VPNs) and other remote access tools that support clinical and administrative work.
The organization also noted that internet-connected medical or facility devices could be potential targets. Hacktivists recently compromised an internet-facing device at a hospital in Israel, Weiss said.
Hospitals urged to prepare for downtime
Security experts are also encouraging healthcare organizations to review downtime procedures in case a cyberattack temporarily disables digital systems.
Hospitals should ensure clinicians know how to continue essential services during an outage and have manual processes available for tasks such as patient registration, medication records and documentation, according to Healthcare IT News.
“Organizations must provide clinicians with clear guidance on downtime procedures — what to stop, what to slow and what to continue,” Weiss said.
Health-ISAC officials stressed that while hospitals should take the threat environment seriously, organizations should avoid reacting to unverified claims circulating on social media.
