Blog | Enterprise Risk Management

Federal government, American Hospital Association issue warnings and guidance about cybersecurity threats stemming from the conflict in Ukraine

Blog | Enterprise Risk Management

Federal government, American Hospital Association issue warnings and guidance about cybersecurity threats stemming from the conflict in Ukraine

The heightened risk environment includes the possibility of being targeted directly or being impacted by malware that spreads from other sectors.

U.S. hospitals should be on alert as global events potentially increase the risk of cyberattacks, according to recent advisories.

Russia’s ongoing invasion of Ukraine has led to economic sanctions and other retaliatory steps by the United States, Europe and others. It’s possible that Russia, in turn, would retaliate by launching cyberattacks against the West.

Hospitals could be among the targets, given their vital societal role.

The federal Cybersecurity & Infrastructure Security Agency (CISA) has issued a “Shields Up” bulletin to all U.S. businesses, stating, “Every organization — large and small — must be prepared to respond to disruptive cyber activity.”

The bulletin provides guidance on how an organization can:

  • Reduce the likelihood of a damaging cyber intrusion
  • Take steps to quickly detect a potential intrusion
  • Ensure the organization is prepared to respond if an intrusion occurs
  • Maximize the organization’s resilience to a destructive cyber incident

The bulletin also includes tips specific to leaders and CEOs, including the need to:

  • Empower chief information security officers
  • Lower reporting thresholds
  • Participate in a test of response plans
  • Focus on continuity
  • Plan for the worst

CISA also has issued guidance on specifically understanding and mitigating Russian state-sponsored threats to U.S. critical infrastructure.

AHA says hospitals face several levels of risk

The American Hospital Association (AHA) issued an advisory, noting that in addition to possibly being directly targeted by Russian state-sponsored actors, hospitals and health systems could be affected if malware or destructive ransomware is initiated overseas or in another sector and then “inadvertently penetrates U.S. healthcare entities.”

The latter scenario played out in 2017, when Russia launched the destructive NotPetya malware against Ukraine. “The malware subsequently spread globally, disrupting operations at a major U.S. pharmaceutical company, a major U.S. healthcare communications company and U.S. hospitals,” the AHA stated.

A cyberattack also could "disrupt hospitals’ mission-critical service providers,” such as utility companies, the AHA stated.

The AHA recommended that hospitals immediately take several steps, including ensuring their IT and cyber infrastructure teams have access to the latest news and guidance. Specific best practices include:

  • Monitoring for unusual network traffic or activity, especially around active directories, and ensuring staff are aware of the increased risk of receiving malware-laden phishing emails
  • Implementing geo-fencing for all inbound and outbound traffic originating from, and related to, Ukraine and its surrounding region, although such a step may not lower indirect risk from malware targeting other regions or sectors (March 1 update: CISA in January issued a bulletin from Microsoft about destructive malware targeting Ukrainian organizations and on Feb. 26 issued an advisory about two instances of malware that have been deployed against organizations in Ukraine and can "destroy computer systems and render them inoperable")
  • Identifying all internal and third-party mission-critical clinical and operational services and technology, and preparing four-to-six-week business continuity plans and well-practiced downtime procedures in the event those services or technologies are disrupted
  • Checking the redundancy, resiliency and security of network and data backups and ensuring that copies exist offline, on the premises and in the cloud — with at least one immutable copy — and are network-segmented 
  • Documenting, updating and practicing a cross-functional, leadership-level cyber incident response that includes emergency communications plans and systems

About the Author

Nick Hut

is a senior editor with HFMA, Westchester, Ill. (

Sign up for a free guest account and get access to five free articles every month.


Related Articles | Enterprise Risk Management

Column | Healthcare Business Trends

Paul Keckley: Inflation’s impact on healthcare: 5 takeaways

For healthcare finance professionals, healthcare inflation requires intensified efforts to address five concerns: increased bad debt, increased operating costs, heightened public scrutiny of pricing policies and executive compensation, increased competition by privately funded competitors offering low-cost solutions and growth of “Occupy Healthcare” movements.

Article | Cost Effectiveness of Health

5 ways the ERM playbook for health systems is due for a rewrite

Business risk for health systems has continued to evolve amid huge changes affecting the industry, including those driven by COVID-19. Health system leaders should respond by revisiting their approach to enterprise risk management (ERM) to focus on five areas of risk where their ability to deliver healthcare cost effectively could be compromised: Labor shortages, capital planning amid ongoing change, energy consumption, cyber security and price transparency.

How To | Cost Effectiveness of Health

4 essential tactics for sustaining an independent community hospital

Independent community hospital face threats to their survival, and they need to take deliberate action to address those threats in order to continue to deliver essential care cost effectively to their communities. Leading community hospitals that are committed to remaining independent share the tactics they have adopted to ensure their independence is sustainable

How To | Capital Finance

Healthcare providers face a growing risk of violating debt covenants

COVID-19 has increased the financial strain on healthcare providers that puts them at risk of being noncompliant with lending covenants. They should be taking proactive steps now to avoid or mitigate the potentially severe adverse financial consequence of such an occurrence.