Details on the bulletin

According to AHA and Health-ISAC, user @AXactual made a post on X with details regarding the active planning of a coordinated, multi-city terrorist attack aimed at U.S. hospitals.

Specifically, the post said that chatter in training camps run by ISIS-K — a division of the jihadist group Islamic State — confirmed planning is in the advanced stages of an attack that would use vehicle-borne improvised explosive devices followed by armed assaults and hostage scenarios.

The primary targets of the attack would be mid-tier cities with low-security facilities, the bulletin said. Information has claimed multiple simultaneous targets, but attackers would likely select healthcare facilities with visibly weak security and conduct prior planning coordination.

The X post was added to the account of American Kinetix, which claims to be a Christian company in the United States consisting of joint special operations command, the CIA, and combat veterans. American Kintex said it's received reports of potential pre-attack surveillance at hospitals.

Currently, there is no information available to corroborate or discount the credibility of the threat, the bulletin said.

"Generally, foreign terrorist groups do not publicize their upcoming attacks," the bulletin said. "However, this widely viewed post may encourage others to engage in malicious activity directed toward the health sector, so threats of this nature should be taken seriously."

AHA and Health-ISAC are in close contact with the FBI regarding the potential threat, they said.

AHA's recommendations

In the bulletin, AHA and Health-ISAC recommended that healthcare organizations review and evaluate their coordination and physical security capabilities, cybersecurity, and emergency management plans, along with heightening staff awareness of the threat.

While the threat's credibility is uncertain, AHA and Health-ISAC recommended reviewing physical security protocols and practices, emphasizing that hospitals should have a publicly visible security presence to help mitigate the risk of being a potential target.

AHA and Health-ISAC also recommended hospitals increase relationships with local and federal law enforcement, as this could streamline response efforts during a potential attack.

In addition, the bulletin recommends that staff and security teams remain vigilant for any suspicious activity as well as any people or vehicles on organizational premises or in the vicinity of healthcare facilities. If anyone is identified, the bulletin recommends that local law enforcement is notified immediately.

Advisory Board has several resources related to cybersecurity, including:

• This expert insight, which will teach you how healthcare organizations have updated their strategies around cybersecurity threats, budgets, and third-party risk management.
• This cheat sheet, which provides healthcare leaders with a comprehensive framework to mitigate cybersecurity risks, protect patient data, and strengthen organizational resilience.
• This expert insight, which emphasizes the need for healthcare organizations to adopt cyber-resilience to effectively handle constant cyber threats.
• This research, which will help you stay ahead of the curve by providing three key strategies to improve cybersecurity and protect patient data.
• This infographic, which highlights the major components of cyber resiliency and how it manifests across an enterprise.