Editor's Note
Iranian cyber actors are employing techniques such as brute force, password spraying, and multifactor authentication (MFA) "push bombing" to compromise healthcare and other critical infrastructure sectors, the American Hospital Association (AHA) reported October 17.
The report cites a joint advisory issued on October 16 by the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and international agencies. Particularly since October 2023, Iranian actors reportedly have been aiming to obtain credentials and network information that could be sold to other cybercriminals. Tactics include modifying MFA settings to maintain persistent access and performing network discovery to gather additional credentials and information for further exploitation.
Officials warned that these initial access breaches can lead to more sophisticated and damaging attacks, including ransomware, and recommended taking action to bolster cybersecurity. Specifically, it cites the voluntary Cybersecurity Performance Goals (CPGs, developed with AHA) as a key defense strategy against sophisticated and damaging attacks, such as ransomware incidents that disrupt patient care. Other recommendations include regularly updating unique, complex passwords and employing phishing-resistant MFA.