Hospitals and health systems are being urged to heighten cybersecurity defenses ahead of the Fourth of July holiday, a time of year that often brings increased risk of cyberattacks.
“We are subject to heightened cyber risk during holidays,” John Riggi, national advisor for cybersecurity and risk at the American Hospital Association, told Becker’s. “Quite frankly, adversaries—both nation-state and criminal groups—perceive that we are less vigilant during holidays.”
In a joint interview, Mr. Riggi and Scott Gee, the AHA’s deputy national advisor for cybersecurity and risk, discussed recent trends and evolving threats to hospitals and health systems during holiday periods. Their warning comes amid geopolitical tensions in the Middle East and a June 30 federal bulletin from the Cybersecurity and Infrastructure Security Agency warning that Iranian cyber actors may target vulnerable U.S. networks and entities of interest.
“We’ve actually seen this occur beginning back in 2020,” Mr. Riggi said. “There have been attacks not only on hospitals and health systems directly, but also against our mission-critical third-party providers.”
He pointed to the December 2021 cyberattack on UKG Kronos, which disrupted payroll and scheduling for health systems nationwide during the holiday season.
According to Mr. Riggi, cybercriminals see holiday weekends as prime opportunities for attacks due to reduced staffing and increased distractions.
“Cybersecurity staff, of course, have to take vacations around that period, so [adversaries] feel that our defenses may be lessened,” he said.
Holiday-themed phishing emails and social engineering tactics—such as spoofed help desk calls—also become more common, Mr. Riggi said.
Both Mr. Gee and Mr. Riggi warned that the symbolism of Independence Day could further motivate ideologically inspired attackers.
“We are at particularly increased risk because of the symbolism associated with the Fourth of July this year,” Mr. Riggi said. “We are concerned that hacktivists may use this as an opportune time.”
Mr. Riggi’s concern is supported by the federal bulletin issued by CISA, which urged organizations to stay vigilant for potential cyberattacks targeting critical infrastructure and other entities by Iranian-affiliated hackers, despite a declared ceasefire and ongoing diplomatic talks.
“Individuals ideologically aligned with Iran or acting at the direction of the Iranian government may attempt to conduct cyberattacks, including ransomware attacks, against U.S. critical infrastructure, which may directly or indirectly impact U.S. healthcare,” he said.
While there is no specific or credible threat identified for the upcoming holiday, Mr. Riggi emphasized the need for preparation.
“It’s a good time to review staffing schedules for both security teams and on-call leadership,” he said.
He also urged hospitals to double-check the security of their data backups, test their communication plans, and evaluate business and clinical continuity measures.
“Even if you have successfully deflected an attack,” Mr. Riggi said, “there is still significant disruption, and it may take weeks to restore.”
Mr. Gee added that testing plans is essential.
“Cybersecurity is not an end state. Cybersecurity is a process,” he said. “Every time you test a plan, you’re going to find gaps. You need to address those gaps, modify the plan, and be ready to test again.”
Mr. Riggi closed with a broader warning that attacks on health systems are not just data theft crimes; these are “threat-to-life crimes.”
“When these attacks disrupt and delay healthcare delivery, especially in our rural areas, that’s what’s at stake,” he said.
He also expressed concern over potential reductions in cybersecurity budgets tied to proposed federal spending cuts.
“If the budget reconciliation passes as proposed, with these massive cuts, there will be collateral damage throughout the entire health system network—including the lack of available resources to defend against our cyber adversaries,” Mr. Riggi said.