Rural Health Information Hub

Increased Risk of Cyber Threats Against Healthcare and Public Health Sector

Jun 24, 2025

Due to rising geopolitical tensions, the Department of Health and Human Services (HHS) is encouraging sector partners to prepare for the likelihood of increased cyber-attacks against healthcare entities by reviewing their vulnerability management strategy and contingency planning as well as adopting a heightened cyber-defense posture. While there is no current evidence of specific targeting against Healthcare and Public Health (HPH) Sector organizations, we know that the sector has historically been the victim of cyberattacks from a wide range of cyber threat actors during periods of conflict.

Multiple U.S. government agencies, including the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Defense Cyber Crime Center (DC3), have warned of an increasing risk of cyber threats against the HPH sector due to Iranian-based cyber actors. On 6/22/2025, the Department of Homeland Security (DHS) issued a National Terrorism Advisory System (NTAS) Bulletin amid the Israel-Iran conflict. The bulletin was effective immediately and is valid through 9/22/2025. The NTAS highlights that both hacktivists and Iranian government-affiliated actors routinely target poorly secured US networks and Internet-connected devices for disruptive cyber-attacks. Additionally, if Iranian leadership were to issue a religious ruling calling for retaliatory violence against specific targets in the Homeland, it could increase the likelihood that a supporter of the Iranian regime is inspired to commit an act of violence in the Homeland. Relevant to this, two Joint Advisories have been issued: "Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks" and "Iranian Cyber Actors’ Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations".

Nation-state threat actors, sympathetic hacking groups, ransomware groups, and other cyber threat actors seek to take advantage of known conflicts. Iranian government-affiliated cyber threat actors, in particular, have been known to utilize brute force methods, such as password spraying and multi-factor authentication (MFA) ‘push bombing’, to compromise networks and obtain credentials. Distributed Denial of Service (DDoS) attacks, spear phishing, exploiting publicly known vulnerabilities, and leveraging multiple open-source tools are also common tactics that have been observed.

Due to the interconnected nature of the HPH sector infrastructure, all owners and operators of HPH infrastructure, regardless of size, should review their vulnerability management strategy and contingency planning. Recommended actions include access restrictions, implementation of intrusion detection systems, and regular backups of critical assets. The Cybersecurity and Infrastructure Security Agency (CISA) Shields Up: Guidance for Organizations site highlights ways to adopt a heightened posture when it comes to cybersecurity and protection of critical assets.

Organizations are also encouraged to adopt a heightened cyber-defense posture for the wide range of potential cyberattacks including ransomware, data breaches, denial of service (DoS), and website defacement as well as potential attacks against IT systems, Operational Technology, call centers, and supply chains. Suggested actions organizations can take include implementing and reviewing your recovery plan; updating all operating systems, software, and firmware; validating internal network access; filtering network traffic; disabling unused ports; requiring multifactor authentication; and verifying the availability of your designated crisis-response team.

Sector partners are encouraged to be vigilant and continue to implement strong cyber hygiene practices to defend against threats to our nation's healthcare system. HPH organizations can look to the Healthcare and Public Health (HPH) Sector Cybersecurity Performance Goals (CPGs) to implement cybersecurity protections against the most common tactics, techniques, and procedures used against this sector. Visit the HHS Cyber Gateway for more tools and information on the HPH CPGs.

Source: Office of Cybersecurity and Infrastructure Protection (OCIP), Administration for Strategic Preparedness and Response (ASPR)