FBI, healthcare agencies warn of credible threat against hospitals, after multi-city social media terror plot alert
Following a social media post last week on the active planning of a coordinated, multi-city terrorist attack on hospitals in the coming weeks, the American Hospital Association (AHA) and Health-ISAC published a bulletin out of ‘an abundance of caution’ to spread awareness of the potential threat. The healthcare agencies are in close contact with the FBI (Federal Bureau of Investigation) regarding the threat and will provide additional information as it becomes available.
“Hospitals and healthcare networks across America are under threat. From ransomware and insider sabotage to shootings and credible terror alerts, the U.S. medical sector is increasingly a national security vulnerability,” @AXactual wrote in an updated X, formerly Twitter, message. “PA, MD, NY, IL, MI, WA, CA, and Nationwide systems (CHC USA, AHA, Health-ISAC)”
The message added that the tactics observed included ransomware attacks crippling hospital operations, data breaches leaking patient records, targeted shootings and hostage scenarios, vehicle-ramming and IED threats (open-source extremist intel), and terror plot chatter involving hospitals as symbolic targets.
The post also listed confirmed incidents affecting the healthcare sector, including the CHC USA breach that exposed data of over one million patients across the nation on Jan. 2; ransomware shut down Frederick Health Medical Group, Maryland on Jan. 29; New York Blood Center ransomware attack halts donations on Jan. 30; and Hospital Sisters Health System discloses 882K-patient breach in Springfield, Illinois on Feb. 7.
It also included a hostage situation where a gunman killed an officer at UPMC Memorial Hospital in York, Pennsylvania on Feb. 22; fire outside regional hospital prompts full evacuation in Spokane, Washington on Feb. 24; shooting in Corewell Health garage and suspect arrested in Troy, Michigan on Mar. 20; Health-ISAC & AHA warn of potential hospital-targeted plots in a nationwide alert on Mar 18; and the FBI/CISA flag spike in Medusa ransomware attacks, including hospitals in a Mar. 18 cyber alert.
In another post, @AXactual wrote that the ISIS-K is actively planning coordinated, multi-city terrorist attacks on U.S. hospitals in the coming weeks. The method likely to be used is vehicle-borne improvised explosive devices (VBIEDs) followed by armed assaults and hostage scenarios.
“All Level One trauma centers in mid-tier cities should review security, identify pre-attack reconnaissance, and implement emergency response measures now,” the post added. “This report is based in part on information originally generated by @TPASarah and @BenghaziAttacks and @commandeleven.”
Citing intelligence sources, the post noted that “Chatter from ISIS-K training camps in Afghanistan confirms operational planning is advanced. Reports indicate possible pre-attack surveillance at hospitals—urgent review of security footage needed.”
“At this time, no information is available to either corroborate or discount this threat’s credibility. Generally, foreign terrorist groups do not publicize their upcoming attacks,” the AHA and Health-ISAC noted in their joint bulletin. “However, this widely viewed post may encourage others to engage in malicious activity directed toward the health sector, so threats of this nature should be taken seriously. Security teams should review emergency management plans and spread awareness of the potential threat internally.”
It is recommended that healthcare organizations review and evaluate the coordination and capabilities of physical security, cybersecurity, and emergency management plans. Also, increasing relationships with local and federal law enforcement may streamline response efforts during an attack.
The bulletin added that staff and security teams should remain vigilant for any suspicious activity, as well as people or vehicles on organizational premises or in the vicinity of health sector facilities. “If any are identified, it is advised to notify local law enforcement immediately.”
The AHA and Health-ISAC advise healthcare teams to review security and emergency plans and increase staff awareness of potential threats. While the threat’s credibility is unverified, it’s crucial to reassess physical security protocols. A visible security presence can deter potential targeting. The post suggests mid-tier cities with low-security facilities are primary targets.
The agencies recognized that with claims of multiple simultaneous attacks, health facilities with weak security are likely targets, requiring prior planning and coordination. Those planning targeted violence often conduct pre-attack surveillance. A visible security presence can deter selection as a target during planning.
Earlier this month, Microsoft’s white paper provided insights into the cybersecurity landscape for rural health, highlighting the unique threats faced by rural hospitals. It discusses the current state of these facilities and emphasizes the role technology companies can play in mitigating immediate cyber risks and addressing broader systemic challenges. Notably, the paper points out that ransomware attacks are a significant threat, with hospitals being prime targets for financially motivated cybercriminals and nation-state threat groups.
link
