A joint advisory issued yesterday by the FBI, the Cybersecurity and Infrastructure Security Agency, the National Security Agency, and international partners highlights the growing threat posed by Iranian cyber actors targeting healthcare and other critical infrastructure sectors. These actors are employing techniques such as brute-force attacks to compromise organizations, with the intent of obtaining credentials and network information that can be sold to cybercriminals.
Since October 2023, these cyber actors have utilized aggressive tactics, including password spraying and multifactor authentication (MFA) “push bombing,” to infiltrate user accounts and access organizational systems. They have also modified MFA registrations to maintain persistent access and conducted network reconnaissance to gather further credentials and information for additional entry points.
“This alert underscores the ongoing threat to the U.S. healthcare sector, particularly hospitals, from Iranian cyber threat actors,” said Scott Gee, AHA Deputy National Advisor for Cybersecurity and Risk. “Once these threat actors gain initial access, they sell that access to other criminals who carry out more sophisticated attacks, such as ransomware, which can severely disrupt patient care and impact entire communities. Any ransomware attack that delays patient care is a threat-to-life crime, and those identified in this alert may be considered co-conspirators in these attacks.”
To protect against these threats, hospitals should enforce the use of unique, complex passwords that are changed regularly, and implement phishing-resistant multifactor authentication. The voluntary Cybersecurity Performance Goals referenced in the advisory, developed with AHA support, serve as an essential first line of defense against these relatively unsophisticated initial access attempts. The AHA urges hospitals to adopt these guidelines to strengthen their overall cybersecurity posture and defend against such adversaries.
For more information on cyber and risk issues, contact Gee at sgee@aha.org. For the latest threat information and additional cybersecurity resources, visit www.aha.org/cybersecurity.