Exercise Vigilance for Potential Iranian Cyber Threat

As a result of recent events involving the United States and Iran and the threat of retaliation (potentially cyber-based) by Iran, the New York State Department of Health (DOH) is urging health care providers and local health departments to exercise increased vigilance for potential cyber events. While there is no specific retaliatory threat known at this time, Iran has historically utilized cyber as a means of attacking its adversaries. Accordingly, DOH and all State agencies are taking additional steps to protect information systems and critical infrastructure.

To avoid phishing attempts, exposure of systems data, and interruption of patient/resident services, members are encouraged to undertake basic preventative measures such as:

screening emails for unknown senders;
avoiding the use of personal email or social media at workstations;
using caution in following email links and opening attachments without authenticating the sender; and
monitoring the functioning of medical devices and taking immediate action if any suspicious performance is recognized.

Instructions on how to notify DOH if a systems breach is discovered can be found in a Dear Administrator Letter (DAL), Cybersecurity Reporting Guide poster, and Frequently Asked Questions (FAQ) document updated and distributed to providers in October 2019.

Other helpful resources include the following from an announcement issued by the Health and Human Services (HHS) Office of the Assistant Secretary for Preparedness and Response (ASPR), Critical Infrastructure Division and the Department of Homeland Security (DHS):

Members with questions are advised to contact ohim@health.ny.gov.