CyberMaxx is aware of the security bulletin released jointly by the American Hospital Association (AHA) and Health-ISAC regarding a social media post on March 18, 2025, that mentioned active planning for a coordinated, multi-city terrorist attack on hospitals in the coming weeks.

We assess with a high degree of confidence that this threat was made against the physical domain and is not related to cyber infrastructure; nonetheless, we are taking precautions. We have placed clients in the healthcare sector under additional scrutiny and are proactively threat-hunting for techniques that are primarily deployed in persistence-based operations. We are working to review logs from firewalls, VPNs, remote access services, and Active Directory environments for anomalies that indicate unauthorized access or exploitation.

Likewise, we strongly urge clients to make sure their operating systems and environments are patched and not vulnerable to known and common Active Directory attack paths such as PrintNightmare (CVE-2021-34527), Zerologon (CVE-2020-1472), and LDAP Nightmare (CVE-2021-42278 & CVE-2021-42287), which allow an attacker living on a perimeter device to escalate privileges and maintain persistent access to the Active Directory environment.
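As an added example (not CyberMaxx's own tooling), the log review described above can be narrowed to the three attack paths named here: the Python below triages exported Windows events by event IDs commonly used to hunt for each. The record layout (`host`, `channel`, `id`, `data`) and the `account`, `module` and `driver` keys are assumptions about how the events were exported, and the sample records are constructed.

```python
# Added example: triage exported Windows events for the AD attack paths in the advisory.
# Assumed record layout: {"host", "channel", "id", "data"}; not a vendor schema.
NETLOGON = {5827, 5828, 5829, 5830, 5831}   # System log: vulnerable Netlogon connections
SAM_VALIDATION = {16990, 16991}             # System log: SAM name/object-class validation
PRINT = "Microsoft-Windows-PrintService/"

def classify(ev):
    """Return (cve, reason) for one event record, or None if it is not of interest."""
    ch, eid, d = ev["channel"], ev["id"], ev.get("data", {})
    if ch == "System" and eid in NETLOGON:
        verdict = "denied" if eid in (5827, 5828) else "ALLOWED"
        return ("CVE-2020-1472",
                f"vulnerable Netlogon connection {verdict} for {d.get('account', '?')}")
    if ch == PRINT + "Admin" and eid == 808:
        return ("CVE-2021-34527", f"spooler failed to load module {d.get('module', '?')}")
    if ch == PRINT + "Operational" and eid == 316:
        return ("CVE-2021-34527", f"printer driver added or updated: {d.get('driver', '?')}")
    if ch == "Security" and eid == 4781:
        old = d.get("OldTargetUserName", "")
        new = d.get("NewTargetUserName", "")
        # Machine accounts end in '$'; a rename that drops it is anomalous.
        if old.endswith("$") and not new.endswith("$"):
            return ("CVE-2021-42278", f"machine account renamed {old} -> {new}")
    if ch == "System" and eid in SAM_VALIDATION:
        return ("CVE-2021-42278", "SAM account validation event logged")
    return None

def triage(events):
    """Group findings by CVE so each attack path can be reviewed on its own."""
    findings = {}
    for ev in events:
        hit = classify(ev)
        if hit:
            findings.setdefault(hit[0], []).append((ev["host"], hit[1]))
    return findings

# Constructed sample records (not real telemetry).
SAMPLE = [
    {"host": "DC01", "channel": "System", "id": 5829, "data": {"account": "WKSTN-OLD$"}},
    {"host": "DC01", "channel": "Security", "id": 4781,
     "data": {"OldTargetUserName": "LAB-PC7$", "NewTargetUserName": "LAB-PC7"}},
    {"host": "PRINT01", "channel": PRINT + "Admin", "id": 808, "data": {"module": "example.dll"}},
    {"host": "FS02", "channel": "Security", "id": 4781,
     "data": {"OldTargetUserName": "jsmith", "NewTargetUserName": "john.smith"}},
    {"host": "DC01", "channel": "Security", "id": 4624, "data": {}},
]

if __name__ == "__main__":
    for cve, hits in sorted(triage(SAMPLE).items()):
        print(cve, hits)
```

Events 5829 to 5831 mean a vulnerable Netlogon connection was allowed rather than refused, so those hosts are the ones to check for patching and enforcement first.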

Recommendations

  • Review & Strengthen Physical Security Measures:
      • Assess physical security, cybersecurity, and emergency management plans.
      • Ensure visible security presence to deter potential threats.
      • Focus on facilities in mid-tier cities with lower security, as they are mentioned as primary targets.

More Information

https://health-isac.org/potential-terror-threat-targeted-at-health-sector-aha-health-isac-joint-threat-bulletin/