Security alarms continue to go off for healthcare providers

Federal agencies issue more warnings to providers as cyberthreats put data and patient care at higher risk.



Data security warnings aimed at healthcare organizations keep rolling down from federal agencies, highlighting greater risks associated with protecting patient information.

The alerts have increased over the past 12 months, underscoring the rising value of patient information and the growing tensions resulting from deteriorating relationships between the U.S. and other countries, especially in light of the ongoing armed conflict with Iran.

Industry organizations are amplifying the message and trying to better prepare healthcare organizations to protect sensitive data and recover from breach incidents.

Alarms go off again

Alerts from federal agencies have been a constant reminder of the threat over the past year. For example, in March, the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation and other federal agencies issued an advisory, warning that Iranian groups could be seeking to attack critical infrastructure, including the healthcare sector.

Those calls for heightened security followed a successful cyberattack on Stryker, a technology company specializing in surgical equipment, orthopedic implants and neurotechnology. An Iran-linked hacker group known as Handala took credit for the attack, claiming to have wiped information from more than 200,000 servers, mobile devices and other systems. However, by the end of the month, the company reported it had fully recovered its operations and data.

The growth of Iranian threats is part of a broader pattern of risks to national cybersecurity, other federal agencies note. The Office of the Director of National Intelligence recently released the 2026 Annual Threat Assessment of the U.S. Intelligence Community, in which several agencies collectively assess the current risks.

And more recently, the Cybersecurity and Infrastructure Security Agency and other authorities issued an advisory warning about risks posed by Chinese-affiliated cybercriminals. CISA’s guidance suggests that bad actors are targeting connected devices and networks — often an unsuspected and difficult-to-patch weak link in network defenses — resulting in heightened risks for hospitals and health systems.

“The use of covert networks of compromised devices — also known as botnets — to facilitate malicious cyber activity is not new, but China-nexus cyber actors are now using them strategically, and at scale,” the advisory notes. Protecting networks “is not straightforward, and defensive tactics will be different based on the levels of resource and the nature of the target organization.”

Vendors are stepping up efforts to protect systems, industry advisories note. For example, Microsoft announced on May 19 that it disrupted operations of Fox Tempest, a threat actor operating a malware-signing-as-a-service offering used by cybercriminals to deploy malicious code, including ransomware. The malware had enabled attacks on a range of sectors, including healthcare and education.

Improving protection

Still, the industry needs to protect itself, and healthcare organizations are increasingly working together to promulgate better security practices or, at the minimum, to ensure operations can be sustained during security-related incidents.

Recently, the American Hospital Association and Joint Commission announced the Cyber Resilience Readiness program. The organizations say the initiative is intended to help hospitals and health systems “assess and strengthen their ability to sustain clinical continuity — i.e., safe and quality clinical operations — during cyber-related technology outages for 30 days or longer.”

The idea is to help organizations gear up for worst-case cyber incidents by encouraging “real-world operational readiness and patient safety impacts, rather than solely IT recovery.” The program is voluntary and would assess an organization in a variety of areas, including:

Measure its ability to maintain safe patient care during cyber disruptions.

Facilitate the coordination of clinical, operational and leadership response during downtime.

Prepare staff to work together effectively during a significant cyber incident.

Identify and mitigate risks that might pose a threat to clinical continuity.

The AHA and Joint Commission say the program is appropriate for healthcare organizations of all sizes, and it’s flexible and modular, enabling organizations to choose the components that align with their readiness and internal capabilities.

Along the same lines, the AHA has named Rubrik as its preferred cybersecurity provider, in pursuit of the goal of helping hospitals improve protections and recover from attacks more quickly. Rubrik joins several other vendors that the AHA recommends for cybersecurity services.

Fred Bazzoli is the Editor in Chief of Health Data Management.
