By Jeff Wardon, Jr., Assistant Editor

Healthcare facilities are a vital part of societal infrastructure. During times of crisis, they provide a haven for people who are struggling with whatever illness or disaster that befalls them. Simply put, they help keep society moving forward. 

However, healthcare can become a target of conflict due to its critical nature. Taking out such a lifeline can cripple communities, even nations. With the added dangers of cyberattacks, entire healthcare systems can be taken out from afar. As geopolitical tensions rise, so do the stakes of cyber warfare. 

Errol Weiss, chief security officer at Health-ISAC, spoke with Healthcare Facilities Today to explore the relationship between global tensions and cyberattacks, along with the threats that poses to healthcare operations. 

HFT: How are rising geopolitical tensions influencing the volume or severity of cyberattacks targeting U.S. healthcare infrastructure? 

Errol Weiss: There’s definitely a correlation. Anytime we see rising tensions from one country to the next, we’re also seeing offensive cyber actions being used as part of the overall strategy between those nations. When we look today across the board, nearly every country of Earth has got some offensive cyber capability at this point. It’s just astounding. 

In the case of Iran and Israel, for example, cyber activities have stepped up in what we’re seeing coming from Iran against the U.S. between May and June of this year. Activity has also certainly increased even in the healthcare sector with hospitals getting cyberattacks. We’ve also seen Iranian criminal groups being motivated to run ransomware attacks against U.S. and Israeli targets. They’re going all out with any sort of attack that can help disrupt critical infrastructure. 

HFT: What types of cascading cyberattacks pose the greatest risk to hospital operations and emergency response systems? 

Weiss: We know the classic things that happen when hospitals get hit with ransomware: patients are diverted to other hospitals, procedures being delayed and lab results delayed. On the cascading side – this is when there’s disruption further up the supply chain – that's where we really start to see potentially major, even widespread impacts. 

Related Content: Protecting the Healthcare Supply Chain from Cyberattacks

Look at what happened in 2024 with the Octapharma Plasma, Synovus and OneBlood incidents. Each of those are critical suppliers of blood plasma, blood supplies, lab procedures, etc. When those attacks happened, we had widespread outages and impacts across London and the Greater London area. Then when the Synovus and Octapharma attacks happened, it affected blood plasma suppliers across dozens of states in the U.S. Soon after, the OneBlood incident hit and impacted the blood supply across Florida and some of the surrounding areas. 

Again, we’ll see supply chain impacts like this, and it’s not isolated. It could be pretty widespread geographically. For example, if you’re looking for healthcare services in a rural area and now you’ve got a widespread area of outages, then we’re really talking about a serious patient safety impact at that point. 

HFT: In what ways can a cyberattack tied to a physical conflict compromise patient safety or delay critical care delivery? 

Weiss: It’s sort of come to a one-two punch. There is a physical conflict going on where there’s literal damage to property and facilities. Now the second punch comes in with cyberattacks. They need to further try to destabilize some of these essential services. 

If a hospital is unable to provide services because they’ve been impacted through physical destruction or a cybersecurity outage, ambulances will have to be diverted, surgeries are canceled and clinicians can’t access patient records. 

Then beyond just those immediate disruptions, the other challenge here is if we’ve got a prolonged attack, that can start eroding public confidence in healthcare systems. That ultimately complicates emergency response efforts across greater areas. 

HFT: From a national security perspective, what role does the healthcare sector play in overall incident readiness—and where are the current gaps? 

Weiss: Healthcare is one of the main critical infrastructures in the U.S. The resilience of healthcare directly impacts national security and public confidence. We need to have a safe, secure and robust healthcare system to respond to any sort of national crisis. 

In terms of current gaps, some of the major challenges that cybersecurity professionals face in healthcare have been a lack of investment and not enough resources. Things like third party risk management have been really challenging and that’s certainly one of the areas of weakness. It’s also one of the constant areas where we see organizations having breaches and other data incidents. 

The other thing is what I would call “fragmented defense.” What I mean it that we’ve got disjointed cybersecurity strategies across many organizations. The tools and the services that we have available from the industry in so many cases have limited effectiveness. Now we’ve got teams who are suffering from alert fatigue, slow response signs and complicated workflows. We need a united approach to the overall cybersecurity strategy. 

Jeff Wardon, Jr., is the assistant editor for the facilities market.