No Specific Credible Threat Targeting Hospitals

AHA & Health-ISAC Joint Threat Bulletin

As of March 26, 2025 the FBI has advised that, after an extensive investigation and intelligence review, they have not identified any specific credible threat targeted against hospitals in any U.S. city. If credible threat information is received, the FBI will immediately notify any identified potential targets and, if appropriate, alert the broader health care sector through the AHA, Health-ISAC, and other channels.

Background

On March 18, 2025, the American Hospital Association (AHA) and Health-ISAC (Health Information Sharing and Analysis Center) received multiple reports from the field regarding a public social media post alleging active planning of a coordinated, multi-city terrorist attack targeting hospitals in the coming weeks. Out of an abundance of caution, the AHA and Health-ISAC notified the field of the potential threat, indicating that no further information was available to either corroborate the threat or dismiss it as not credible. Generally, foreign terrorist groups do not publicize their upcoming attacks. The bulletin also advised that, regardless of the credibility of the specific threat, the widely viewed post might encourage others to engage in malicious activity directed toward the health sector.

Recommendations

Standard vigilance should be maintained, including a visible security presence to deter any act of targeted violence on hospital premises. As always, suspicious or threatening activity should be reported to local law enforcement

Contact Us

Watch for further information from the AHA and Health-ISAC on future potential threats. Health-ISAC provides this information to prevent the successful exploitation and disruption of your security apparatus. For more information, see Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients or contact our Risk Management team.

Further Questions

If you have further questions, please contact John Riggi, AHA national advisor for cybersecurity and risk, or Scott Gee, AHA deputy director for cybersecurity and risk.

Related Resources: American Hospital Association, & Health Information Sharing and Analysis Center. (2025, March 26). Update: AHA and Health-ISAC threat advisory: FBI advises no specific credible threat targeting hospitals. Health-ISAC. https://health-isac.org/potential-terror-threat-targeted-at-health-sector-aha-health-isac-joint-threat-bulletin/

This content is for informational purposes only and not for the purpose of providing professional, financial, medical or legal advice. You should contact your licensed professional to obtain advice with respect to any particular issue or problem. Please refer to your policy contract for any specific information or questions on applicability of coverage.

Please note coverage can not be bound or a claim reported without written acknowledgment from a OneGroup Representative.