Potential Terror Threat Targeted at Health Sector – AHA & Health-ISAC Joint Threat Bulletin
On March 18, 2025, the American Hospital Association (AHA) and Health-ISAC observed a social media post related to the active planning of a coordinated, multi-city terrorist attack on hospitals in the coming weeks.
The AHA and Health-ISAC have created and are sharing this bulletin out of an abundance of caution to spread awareness of the potential threat. The AHA and Health-ISAC are in close contact with the FBI regarding the threat and will provide additional information as it becomes available.
At this time, no information is available to either corroborate or discount this threat’s credibility. Generally, foreign terrorist groups do not publicize their upcoming attacks. However, this widely viewed post may encourage others to engage in malicious activity directed toward the health sector, so threats of this nature should be taken seriously. Security teams should review emergency management plans and spread awareness of the potential threat internally.
It is recommended that organizations review and evaluate the coordination and capabilities of physical security, cybersecurity, and emergency management plans. Also, increasing relationships with local and federal law enforcement may streamline response efforts during an attack.
In addition, staff and security teams should remain vigilant for any suspicious activity, as well as people or vehicles on organizational premises or in the vicinity of health sector facilities. If any are identified, it is advised to notify local law enforcement immediately.
Additional Details
On March 18, 2025, user @AXactual made a post on X with details related to the active planning of a coordinated, multi-city terrorist attack on United States health sector organizations. The details of the post can be reviewed at the above link to gain further insight into the specific nature of the threat.
Recommendations
The AHA and Health-ISAC recommend that teams review security and emergency management plans and heighten staff awareness of the threat.
Although the threat’s credibility cannot be verified at this time, physical security protocols and practices should be reviewed. Having a publicly visible security presence can help mitigate the risk of being a potential target. The post referencing the attacks states that the primary targets are mid-tier cities with low-security facilities. With the information claiming multiple simultaneous targets, they would likely select health sector facilities with visibly weak security and conduct prior planning to coordinate the attacks. It is common practice for individuals contemplating targeted acts of violence to conduct pre-attack surveillance and reconnaissance. Having a visible security presence can mitigate being chosen as a target during the planning phase of an attack.
Watch for further information from the AHA and Health-ISAC on this potential threat.
Health-ISAC provides this information to prevent the successful exploitation and disruption of your security apparatus. For more information, see Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients.
|
|---|
|
|---|
- Related Resources & News
- New Cybersecurity Policies Could Protect Patient Health Data
- CyberWire Podcast: PHP flaw sparks global attack wave
- Health-ISAC Hacking Healthcare 3-14-2025
- HSCC Aiming to Identify Healthcare Workflow Chokepoints
- New Healthcare Security Benchmark Highlights Key Investment Priorities and Risks
- Are Efforts to Help Secure Rural Hospitals Doing Any Good?
- CISA cuts $10 million annually from ISAC funding for states amid wider cyber cuts
- 2024 Health-ISAC Discussion Based Exercise Series After-Action Report
- Cobalt Strike takedown effort cuts cracked versions by 80%
- Denise Anderson recognized on Cyber25 Women of Impact list