HAP's Latest News

Rising Health Care Cybersecurity Concerns amid Russia’s Invasion of Ukraine

CISA urges ‘Cyber Shields Up’ amid growing geopolitical tensions

February 24, 2022

The U.S. government and the American Hospital Association (AHA) are advising the health care community to be on alert for potential cybersecurity threats amid Russia’s invasion of Ukraine.

In an advisory released yesterday, the AHA noted a growing concern that Russia may retaliate against the U.S. and other allied nations for the economic and military sanctions placed against the country. This could include “disruptive cyberattacks in furtherance of its military and political objectives,” the AHA said.

The AHA noted three potential cybersecurity concerns stemming from the geopolitical tensions:

  • Hospitals and health systems may be targeted directly by Russian-sponsored cyber actors
  • Hospitals and health systems may become incidental victims of, or collateral damage to, Russian-deployed malware or destructive ransomware that inadvertently penetrates U.S. health care entities
  • A cyberattack could disrupt hospitals’ mission-critical service providers

Last week, Cybersecurity & Infrastructure Security Agency (CISA) issued a “shields up” advisory about the looming cybersecurity threat.

“While there are not currently any specific credible threats to the U.S. homeland, we are mindful of the potential for the Russian government to consider escalating its destabilizing actions in ways that may impact others outside of Ukraine,” the agency said.

The agency recommended all organizations take steps to improve their cyber posture by:

  • Reduce the likelihood of a damaging cyber intrusion through best practices
  • Take steps to quickly detect a potential intrusion
  • Ensure your organization is prepared to respond if an intrusion occurs
  • Maximize resilience to a destructive cyber incident

Organizations should report incidents and unusual activity to CISA and or the FBI via a local FBI field office or the FBI’s CyWatch hotline at (855) 292-3937. Additional resources are available

For more information, contact Jason Tomashunas, MS, CHEP, HAP’s manager, emergency management. In addition, follow coverage from John Riggi, the AHA's senior advisor for cybersecurity and risk, for recent developments in cybersecurity and health care.