U.S. hospitals brace for cyberattacks amid Iran war tensions

ILLINOIS, UNITED STATES — United States hospitals and health systems are tightening cybersecurity defenses as geopolitical tensions tied to the Iran war raise concerns about potential distributed denial-of-service (DDoS) attacks that could disrupt critical healthcare operations.

According to a report from Healthcare IT News, the warning comes from the Health Information Sharing and Analysis Center (Health-ISAC), which said healthcare providers should strengthen their cybersecurity posture as the conflict could trigger retaliatory cyber activity from pro-Iranian hacktivist groups. 

Health-ISAC is an organization that helps the global healthcare sector to prevent, detect and respond to cyber and physical security threats. 

The organization found no evidence of confirmed hospital attacks but their cybersecurity expert determined that past geopolitical conflicts resulted in more frequent digital attacks against essential infrastructure systems such as the healthcare sector.

“Health-ISAC is closely tracking the evolving Middle East crisis and the potential for cyber spillover affecting healthcare and public health organizations globally,” said Errol Weiss, Chief Security Officer of Health-ISAC.

DDoS attacks threaten hospital operations and patient care

Weiss explained that DDoS attacks that overwhelm systems with internet traffic can disable hospital websites, patient portals and all other online systems used for clinical operations.

Health-ISAC cautioned that hospitals need to stay alert since hacktivist groups may attempt to sabotage services linked to public-facing systems.

“History shows that major military escalations are often accompanied by an uptick in DDoS [distributed denial-of-service] activity and noisy hacktivist operations,” Weiss said.

Healthcare providers depend on digital platforms for patient registration, scheduling system, telehealth visits and electronic health records (EHR). Any brief interruption creates obstacles that prevent delivery of services which adds stress to medical staff members who already have excess workload.

“DDoS threats are real and disruptive even when they fall short of a breach. A hospital that can’t access its patient portal or EHR system for four hours faces genuine operational risk,” said Brian Lamberger, general manager of cybersecurity solutions at CloudWave.

The interruptions demonstrate the growing need for healthcare systems for more resilient healthcare operations. Health systems need to study their cybersecurity needs to find solutions such as turning to specialized security partners and use outsourced IT services to create continuous security monitoring while minimizing work demands on their internal staff.

How healthcare systems can strengthen cyber defenses

Health-ISAC recommends that hospitals take several steps to reduce risk, including validating DDoS protections with internet service providers, content delivery networks and cloud providers. 

Organizations are also advised to review internet-facing systems such as virtual private network (VPNs), patient portals and remote access tools.

“We are warning Health-ISAC members to be prepared for attempts to disrupt public-facing assets (websites, patient portals, VPNs) and, in some cases, internet-exposed OT/IoT that support clinical and facility operations,” Weiss said.

Healthcare leaders need to practice their procedures for system failures and emergency situations to maintain patient treatment during system outages. Weiss stressed that clinicians need to learn their response procedures for various disruptive events.

“Don’t just have a binder on a shelf,” he said.

Instead, hospitals should regularly test manual workflows for patient check-ins, scheduling and medication documentation. Weiss noted that cross-team coordination between IT, nursing and medical leadership is essential to maintaining patient safety during cyber incidents.

“The healthcare sector should take the current threat environment seriously without succumbing to alarm,” Lamberger said. “Don’t let unverified social media claims drive panic, but don’t mistake noise for safety either.”