As Iran prepares to avenge its recent humiliating ground defeats with concerted cyber-attacks on the US, the Food and Drug Administration (FDA) has issued a stark warning to the medical sector.
“Manufacturing infrastructure can be particularly vulnerable with connected devices, Industrial Internet of Things (IIoT), and smart technologies becoming more ubiquitous. These connected technologies, considered Operational Technologies (OT), have historically been designed to prioritize consistent functionality over cybersecurity. Consequently, it is sometimes difficult to tell what, when, and where communications are happening, which has the potential to increase the risk of a cybersecurity incident,” warns the FDA.
As the FDA regulates over $3.6 trillion worth of food, tobacco, and medical products or 21 cents of every $1.00 spent by US consumers, concerted cyber-attacks by Iran could drastically affect the health of thousands or even millions of patients and consumers. Cyber-attacks might not only impact medical products and the US healthcare infrastructure, but also the public health supply chain in general, including manufacturing and shipping. The vulnerability of the medical sector to cyber-attacks is already well-proven.
“Data breaches, cyber incidents, and ransomware attacks on hospital systems, medical clinics, and US industries have become pervasive in recent years,” reports the FDA.
Iran may also target water supplies in the US
There are also growing concerns that Iranian state-backed hackers will target US water supplies and water treatment plants, which also run on difficult-to-secure OT systems. These concerns are grounded in the fact that, after the Israel conflict began in 2023, there were multiple attacks blamed on US water facilities that were believed to be conducted by Iran’s Islamic Revolutionary Guard Corps. In one example, Pro-Iran hackers, breached internet-connected equipment at a water plant just outside Pittsburgh. As the conflict with Iran escalates, attacks may also become more widespread, impacting all types of American businesses.
This week, the US Department of Homeland Security warned: “The ongoing Iran conflict is causing a heightened threat environment in the United States. Low-level cyber-attacks against US networks by pro-Iranian hacktivists are likely, and cyber actors affiliated with the Iranian government may conduct attacks against US networks.”
