Authorities warn of Iranian-backed cyber attacks targeting healthcare

The attackers were able to gain access to networks in a children’s hospital, authorities said. Organizations are being urged to search their networks for malicious activity.

Federal authorities are warning of cyber attacks backed by the Iranian government and targeting critical infrastructure systems, including the healthcare industry.

The Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency and authorities from the United Kingdom and Australia jointly issued the alert Nov. 17. The alert specifically mentions the healthcare sector, public health and the transportation sector.

The attacks have been going on for months and one of the targets has been a children’s hospital in the U.S., authorities said.

The attackers have exploited vulnerabilities in Microsoft and Fortinet products, and they seem to be concentrating on known vulnerabilities. Authorities said the attackers are sponsored by the Iranian government and are looking to exploit weaknesses for ransomware, extortion or to obtain data.

In June, the attackers “exploited a Fortigate appliance to access environmental control networks associated with a U.S.-based hospital specializing in healthcare for children,” the federal alert stated. The hospital wasn’t identified.

Authorities said the attackers exploited a Fortigate appliance in May to access a webserver hosting a domain for a U.S. municipal government.

In October, the attackers took advantage of a Microsoft Exchange ProxyShell vulnerability to gain access to systems in advance of follow-up operations.

Authorities recommended that companies using Microsoft Exchange servers and Fortinet products look for any potential malicious activity in their systems.

In addition, the federal alert urged institutions to immediately patch software to address vulnerabilities. Companies and organizations are also being encouraged to implement steps such as multi-step authentication and the use of strong and secure passwords.

Authorities said the Iranian government-sponsored actors were first spotted engaging in suspicious activity in March 2021, when they scanned devices for a Fortinet FortiOS vulnerability. Those actors likely gained access to vulnerable networks, authorities said in the alert.

Hospitals are seeing more cybersecurity attacks. In 2021, more than 500 healthcare organizations reported cybersecurity incidents affecting at least 500 people, according to the U.S. Department of Health and Human Services.

Most hospitals have dealt with some kind of cybersecurity threat, according to a Healthcare Information and Management Systems Society (HIMSS) survey in 2020.

The survey found 70% of cybersecurity professionals reported serious security incidents within the previous year. Of those incidents, 20% involved ransomware or malware. More than a quarter (28%) of those surveyed said cyber attacks disrupted emergency services.

Earlier this month, the federal government published a catalog of known vulnerabilities for cyberattacks, making such information more widely available to the private sector.

Advocates for healthcare systems have also asked the federal government to do more to help protect hospitals from cyber attacks.