The Department of Energy, Cybersecurity and Infrastructure Security Agency, National Security Agency and FBI yesterday recommended critical infrastructure organizations take steps to prevent malicious actors from accessing their industrial control system (ICS) and supervisory control and data acquisition (SCADA) devices to disrupt critical functions in their operational technology network.
John Riggi, AHA’s national advisor for cybersecurity and risk, said, “This alert, which includes intelligence from the NSA, warns us of a serious threat to operational technology that may be present in hospitals and in use by our mission-critical third parties. The disruption of mission-critical operational technology may directly or indirectly negatively impact health care delivery. This alert should be reviewed in the context of the recent FBI alert on the TRITON malware attributed to the Russian government, which also targets ICS and safety control systems. It is strongly recommended that hospitals identify mission-critical ICS/SCADA devices and systems; enforce multi-factor authentication on them; isolate them from internal and internet networks; and limit and closely monitor communications entering or leaving the ICS/SCADA perimeter.”
For more on this or other cyber and risk issues, contact Riggi at jriggi@aha.org.