AHA Warns Hospitals of Potential Cyberattacks Due to Russia’s Invasion of Ukraine

Photo: Andrew Brookes/Getty Images

The American Hospital Association warns American hospitals against possible cyberattacks due to the Russian invasion of Ukraine.

“The AHA is closely monitoring the potential for increased cyber risks to the U.S. healthcare system resulting from ongoing military operations in the Russia/Ukraine region,” the organization said.

Prior to Russia’s invasion, threat actors deployed destructive malware against organizations in Ukraine to destroy computer systems and render them inoperable, the AHA said in a statement on Saturday. These included malware known as WhisperGate and HermeticWiper, used to target Windows devices and organizations in Ukraine.

“This has experts fearing that America’s hospitals and healthcare systems will end up being significantly affected as collateral, accidental or even intentional damage,” the AHA said.

A scenario: A third-party service provider with connections to Ukraine is inadvertently a vector of malware or other cyber harm into US healthcare systems. It’s also possible that Russia will choose to escalate its long-running cyber war against the United States in retaliation for economic or other sanctions put in place this week, or give the green light to the multitude of ransomware gangs operating from the Russia to Target West with Impunity, AHA Says

“While our attention is focused on Russia, other nation-state cyber adversaries, such as China, Iran and North Korea, may see the opportune moment to strike,” the statement said. AHA. “However, cyberthreats don’t stop at the water’s edge and healthcare providers need to be on heightened alert during this tense time for destructive malware or ransomware that can enter healthcare. in the United States, potentially disrupting patient care and putting entire systems at risk.


Steps hospitals should follow include:

  • Creation of an incident response plan and business continuity plan – up to four to six weeks – so that mission-critical functions and operations can continue to function if technology systems are disrupted or need to be taken offline.
  • Follow the best strategies for protection controls and secure, resilient and redundant offline backups, as well as multi-factor authentication and vulnerability management.
  • Take advantage of the tools and guidance available on the AHA’s website, as well as federal law enforcement resources Free by the FBI, CISA and others.


In recent years, there has been an alarming increase in ransomware and other disruptive cyberattacks directed at hospitals and healthcare systems that can interfere and delay the delivery of care and put patient safety at risk, said the AHA.

Recently, the Cybersecurity and Infrastructure Security Agency warned that “any organization in the United States is exposed to cyber threats that can disrupt essential services and potentially impact public safety.”

On February 22, President Biden announced that Russia had invaded Ukraine.

The US government and NATO allies immediately responded with a series of economic and military sanctions. Now, there are concerns that Russia could retaliate against the United States and allied countries with disruptive cyberattacks in pursuit of its military and political goals, the AHA said.

The Russian military has previously used cyberattacks against Ukraine to disrupt the power grid, communications capabilities and financial institutions. For example, it has been reported that cyber denial of service attacks, attributed to the Russian military, have been launched against the Ukrainian Ministry of Defense, as well as its financial institutions.

In light of previous attacks and potential threats, the Cybersecurity and Infrastructure Security Agency last week released a rare and related cyber security “Shields up” warning to the US private sector, including healthcare, due to the heightened cyber threat posed by the Russian government.

As part of the AHA’s efforts, John Riggi, the association’s National Cybersecurity and Risk Advisor, and former senior FBI Cyber ​​Division executive, remains in close coordination with the FBI, CISA, and the Department. of Health and Human Services regarding related threats that may pose a risk to health care in the United States.

Twitter: @SusanJMorse
Email the author: [email protected]

Comments are closed.