Please see message below from HHS ASPR Critical Infrastructure Protection. Additionally, there is a new bulletin from the National Terrorism Advisory System (NTAS) which you can read here: https://www.dhs.gov/sites/default/files/ntas/alerts/19_0718_ntas-bulletin_0.pdf

From: Healthcare & Public Health Sector Alert [mailto:CIISE.dhs@public.govdelivery.com]
Subject: Heightened Tension, Middle East-- Cybersecurity Alert

Cybersecurity Notification

This email is from the HHS ASPR Division of Critical Infrastructure Protection (CIP). For more information, e-mail CIP@hhs.gov or to subscribe to our email newsletters, visit our website.

January 4, 2020

Heightened Tension, Middle East

Healthcare and Public Health Sector Partners-

HHS ASPR, in collaboration with HC3, H-ISAC, DHS and the law enforcement community, is actively monitoring an increase in malicious cyber activities as result of heightened tensions between the United States and Iran. In the past, the Iranian regime actors and proxies have initiated destructive attacks against United States infrastructure; however, there are currently no specific, credible threats against U.S. infrastructure.

Iran and their proxies have often employed “wiper” attacks that are more destructive than ransomware or denial of service attacks. Yesterday, DHS issued a statement encouraging all critical infrastructure operators to familiarize themselves with Iranian Threat Group Tactics, Techniques and Procedures (TTPs). In light of this situation, we strongly encourage the owners and operators of Health and Public Health critical infrastructure to exercise heightened state of vigilance of their environment for potential increase of cyber threats and be vigilant on both physical and cyber security:

Physical: Connect with law enforcement to ensure local threat information-sharing, review and communicate business continuity and response plans, refresh training and reporting procedures, and report any concerns: if you see something, say something.
Cyber: Review the cyber security fundamentals of your environment, check offline back-up and recovery procedures, and review continuity of operations plans (including those of the 3rd party service providers).

Additionally, critical infrastructure owners and operators are encouraged to review DHS’s tips and best practices on securing their online presence.

Anyone who has relevant information or suspects a compromise should immediately contact NCCICCUSTOMERSERVICE@hq.dhs.gov with copies of correspondence to HC3@hhs.gov and CIP@hhs.gov.

HHS has received questions about medical device vulnerabilities and patient safety. Again, there is currently no specific, credible threat against medical devices. Patients concerned about their devices can find resources and tips on the Food and Drug Administration’s Medical Device Cybersecurity website.

ASPR will continue to monitor the situation and provide further information as necessary. Additionally, we encourage everyone to subscribe to the weekly Healthcare and Public Health Sector Highlights, Cybersecurity Edition to receive the latest Cyber-related updates and information.

Your partners in security-

ASPR CIP Staff

Government Coordinating Council leadership

Suzanne Schwartz, FDA
Laura Wolf, ASPR

Sector Coordinating Council Leadership

Mike Wargo, HCA (Acting Chair)
Cathy Lester, Verizon
Nicolette Louissaint, Healthcare Ready
Jim McCorry, Riverside Health System
Terry Rice, Merck

Traffic Light Protocol (TLP) Designation: WHITE

TLP: WHITE information may be distributed without restriction.

If you or your organization are the victim or become aware of any cyber threats and/or incidents, please e-mail the HHS Health Sector Cybersecurity Coordination Center (HC3) at HC3@hhs.gov with CC to CIP@hhs.gov.

For general inquiries on critical infrastructure protection, please contact CIP@hhs.gov.

To receive weekly cyber threat briefings every Friday, sign up for the Healthcare and Public Health Sector Highlights – Cybersecurity Edition by visiting our website.

DISCLAIMER: This product is provided “as is” for informational purposes only. The Department of Health and Human Services (HHS) does not provide any warranties of any kind regarding any information contained within. The HHS does not endorse any commercial product or service referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking noted above.

You are receiving this information because you previously signed up for an ASPR CIP mailing list. If you do not want to receive communications from ASPR CIP or the HPH Sector, you can unsubscribe using the link at the bottom of this message.

U.S. Department of Health & Human Services, Office of the Assistant Secretary for Preparedness & Response
200 C Street, SW
Washington, DC 20024

Privacy Policy | GovDelivery is providing this information on behalf of U.S. Department of Homeland Security, and may not use the information for any other purposes.

Unsubscribe

U.S. Department of Homeland Security · Washington, DC 20528 · 800-439-1420