The New York State Department of Health has issued an urgent cybersecurity advisory (the Advisory) warning of increased threat levels and a higher likelihood of cybersecurity attacks from Iranian state-backed actors following U.S. military strikes on the Fordow, Natanz, and Isfahan nuclear facilities in Iran. The Advisory warns that “intelligence sources indicate a high likelihood of cyberattacks and heightened cybersecurity threat activity against the critical infrastructure of the United States and North Atlantic Treaty Organization (NATO) member states.”
Further, the Advisory recommends that healthcare providers and related organizations “review, update and ensure organizational awareness of their disaster and emergency response plan and cybersecurity incident response plan, and verify they have adequate backups of critical systems and data.” The Advisory also recommends that healthcare organizations tighten their physical security controls and “secure their Operational Technology (OT) systems against cyberattack[s] by removing OT connections to the public internet, chang[ing] default passwords and us[ing] strong, unique passwords, secur[ing] remote access to OT networks, and segment[ing] IT and OT networks.”
The Advisory comes on the heels of a bulletin published by the Department of Homeland Security (DHS) on June 22, 2025, in which DHS warned that cyberattacks “by pro-Iranian hacktivists…and cyber actors affiliated with the Iranian government” are likely. Moreover, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Department of Defense Cyber Crime Center (DC3), and the National Security Agency (NSA) issued a joint advisory on June 30, 2025, warning that organizations should “remain vigilant for potential targeted cyber activity against U.S. critical infrastructure and other U.S. entities by Iranian-affiliated cyber actors.”
This increase in the national cybersecurity threat posture strongly resembles the level reached in February of 2020 following the U.S. strike that killed Major General Qassem Soleimani of Iran’s Quds Force. At that time, CISA and the New York Department of Financial Services issued similar threat escalation alerts. The national threat posture concerning Iranian-backed threat actors again increased in August of 2024, when DHS warned that Iran-based cyber actors were collaborating with ransomware organizations to increase attacks on U.S.-based organizations across both the public and private sectors, including the healthcare sector.
Alston & Bird’s Cyber, Privacy, and Data Strategy team will continue to monitor the increased cybersecurity threat level amid heightened tensions over the military strikes in Iran. For more information on responding to a cybersecurity or ransomware incident, visit Alston & Bird’s Ransomware Fusion Center, or contact a member of our Cyber, Privacy, and Data Strategy team.