The Health Information Sharing and Analysis Center (Health-ISAC) and the American Hospital Association (AHA) released a joint advisory cautioning hospitals regarding a possible coordinated multi-city terrorist attack targeting hospitals in the upcoming weeks. On March 18, 2025, the AHA and Health-ISAC found a social media write-up regarding possible ISIS-K coordinated terrorist attacks on U.S. hospitals. ISIS-K is part of the Islamic State jihadist group. The information was posted on the X (Twitter) account of a company claiming to be Christian, American Kinetix based in the United States, consisting of CIA, JSOC, and combat veterans.
The post mentioned chit-chat in ISIS-K training camps within Afghanistan that the group’s plan is at the advanced levels. Based on the post, ISIS-K is going to use Vehicle-Borne Improvised Explosive Devices (VBIEDs) as well as armed attacks and hostage cases. “Intelligence indicates these attacks should happen before Al-Q’aida’s organized aviation/D.C. attack, most likely making hospitals a prologue to a greater operation. The post cautioned that the attacks will possibly target hospitals in several mid-tier U.S. cities. Hospitals are the target because they are critical infrastructure and considered as soft targets having minimal security and the possibility of considerable casualties.
The AHA and Health-ISAC do not have information that confirms or discounts the reliability of the danger but state the threat must be given serious attention. They are working directly with the Federal Bureau of Investigation (FBI) concerning the threat and will publish more details when available. According to the AHA and Health-ISAC, international terrorist organizations do not typically talk in public about an impending attack. The problem is that the post may inspire others to carry out malicious activities toward the health industry. Based on American Kinetix, it got reports of potential pre-attack monitoring at hospitals.
The AHA and Health-ISAC advise the hospital security groups to evaluate their emergency management programs and increase awareness of the prospective threat among their employees, and for all hospital personnel to stay vigilant concerning suspicious activity, as well as persons and motor vehicles on company property and in the area of health industry facilities. In case the threat is serious, there is apt to be reconnaissance and monitoring before the attack to spot prospective targets, therefore having an obvious security presence might mitigate being selected as a target. Upon identifying any suspicious activity, it must be reported to authorities immediately. Companies should evaluate the coordination and abilities of physical safety, cybersecurity, and emergency management options. Additionally, growing connections with local and government law enforcement may improve response efforts during an attack.
With these potential threats directed at the healthcare sector, ensuring HIPAA compliance is very important to protect the sensitive data of every American individual.