AHA and Health-ISAC warn hospitals of a potential terrorist attack

Photo: JazzIRT/Getty Images

The American Hospital Association and the nonprofit Health-ISAC (Information Sharing and Analysis Center) are warning of a potential terrorist threat against U.S. hospitals in the coming weeks.

On March 18, user @AXactual made a post on X with details related to the active planning of a coordinated, multi-city terrorist attack on United States health sector organizations, according to the joint threat bulletin.

The terrorist attack on hospitals would reportedly be by ISIS-K, a division of the jihadist group Islamic State, according to The HIPAA Journal. The post was added to the X account of American Kinetix, which claims to be a Christian company in the United States that consists of JSOC (Joint Special Operations Command), the CIA and combat veterans, The HIPAA Journal said.

American Kinetix said it had received reports of possible pre-attack surveillance at hospitals.

The post said chatter in ISIS-K training camps in Afghanistan confirmed planning is in the advanced stages, The HIPAA Journal said. According to the post, ISIS-K would use Vehicle-Borne Improvised Explosive Devices (VBIEDs) followed by armed assaults and hostage scenarios. 

“Intelligence suggests these attacks must occur before Al-Q’aida’s planned aviation/D.C. attack, likely making hospitals a prelude to a larger-scale operation,” explained the post, according to that report.

The primary targets would be mid-tier cities with low-security facilities, the joint threat bulletin said. With the information claiming multiple simultaneous targets, attackers would likely select health sector facilities with visibly weak security and conduct prior planning coordination. 

It is common practice for individuals contemplating targeted acts of violence to conduct pre-attack surveillance and reconnaissance, the bulletin said. Having a visible security presence can mitigate being chosen as a target during the planning phase of an attack.

The AHA and Health-ISAC said they are sharing the joint threat bulletin out of an abundance of caution to spread awareness of the potential threat. The AHA and Health-ISAC are in close contact with the FBI and said they will provide additional information as it becomes available.

At this time, no information is available to either corroborate or discount this threat’s credibility, the bulletin said. 

“Generally, foreign terrorist groups do not publicize their upcoming attacks,” the AHA and Health-ISAC said in the bulletin. “However, this widely viewed post may encourage others to engage in malicious activity directed toward the health sector, so threats of this nature should be taken seriously. Security teams should review emergency management plans and spread awareness of the potential threat internally.”

The groups recommended that organizations review and evaluate the coordination and capabilities of physical security, cybersecurity and emergency management plans and to increase relationships with local and federal law enforcement to streamline response efforts during an attack. 

In addition, staff and security teams should remain vigilant for any suspicious activity, as well as people or vehicles on organizational premises or in the vicinity of health sector facilities, the bulletin said. If any are identified, they advise to notify local law enforcement immediately.

Email the writer: SMorse@himss.org

Photo: JazzIRT/Getty Images

The American Hospital Association and the nonprofit Health-ISAC (Information Sharing and Analysis Center) are warning of a potential terrorist threat against U.S. hospitals in the coming weeks.

On March 18, user @AXactual made a post on X with details related to the active planning of a coordinated, multi-city terrorist attack on United States health sector organizations, according to the joint threat bulletin.

The terrorist attack on hospitals would reportedly be by ISIS-K, a division of the jihadist group Islamic State, according to The HIPAA Journal. The post was added to the X account of American Kinetix, which claims to be a Christian company in the United States that consists of JSOC (Joint Special Operations Command), the CIA and combat veterans, The HIPAA Journal said.

American Kinetix said it had received reports of possible pre-attack surveillance at hospitals.

The post said chatter in ISIS-K training camps in Afghanistan confirmed planning is in the advanced stages, The HIPAA Journal said. According to the post, ISIS-K would use Vehicle-Borne Improvised Explosive Devices (VBIEDs) followed by armed assaults and hostage scenarios. 

“Intelligence suggests these attacks must occur before Al-Q’aida’s planned aviation/D.C. attack, likely making hospitals a prelude to a larger-scale operation,” explained the post, according to that report.

The primary targets would be mid-tier cities with low-security facilities, the joint threat bulletin said. With the information claiming multiple simultaneous targets, attackers would likely select health sector facilities with visibly weak security and conduct prior planning coordination. 

It is common practice for individuals contemplating targeted acts of violence to conduct pre-attack surveillance and reconnaissance, the bulletin said. Having a visible security presence can mitigate being chosen as a target during the planning phase of an attack.

The AHA and Health-ISAC said they are sharing the joint threat bulletin out of an abundance of caution to spread awareness of the potential threat. The AHA and Health-ISAC are in close contact with the FBI and said they will provide additional information as it becomes available.

At this time, no information is available to either corroborate or discount this threat’s credibility, the bulletin said. 

“Generally, foreign terrorist groups do not publicize their upcoming attacks,” the AHA and Health-ISAC said in the bulletin. “However, this widely viewed post may encourage others to engage in malicious activity directed toward the health sector, so threats of this nature should be taken seriously. Security teams should review emergency management plans and spread awareness of the potential threat internally.”

The groups recommended that organizations review and evaluate the coordination and capabilities of physical security, cybersecurity and emergency management plans and to increase relationships with local and federal law enforcement to streamline response efforts during an attack. 

In addition, staff and security teams should remain vigilant for any suspicious activity, as well as people or vehicles on organizational premises or in the vicinity of health sector facilities, the bulletin said. If any are identified, they advise to notify local law enforcement immediately.

Email the writer: SMorse@himss.org