TLP White

This week, Hacking Healthcare begins with a final call for members interested in participating in this year’s Hobby Exercise. Next, we break down what lessons can be learned from the news that an Iranian-backed threat actor’s attempted targeting of a children’s hospital was thwarted. Finally, we analyze what the response might be to the admission by the director of U.S. Cyber Command to have conducted offensive operations in support of Ukraine.

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog (available in the Member Portal.)


Pdf version:

Hacking Healthcare 6.7.2022 TLP White


Text version:


Welcome back to Hacking Healthcare.

1. Hobby Exercise 2022

The third iteration of the Health-ISAC Hobby Exercise is on the horizon. This tabletop exercise is an annual Healthcare and Public Health (HPH) event designed to engage the sector and strategic partners, including those in government, on significant security and resilience challenges. The overarching objective is to inform and provide opportunities for continuous organizational improvement while increasing healthcare sector resiliency. It is named for Oveta Culp Hobby, the first U.S. Secretary of Health, Education, and Welfare.


Health-ISAC members interested in learning more or wishing to participate on July 28 should email yours truly, John Banghart ( Only a few spots remain open, so please let us know as soon as possible! Learn more here


2. Iranian Cyber Actors Targeted U.S. Children’s Hospital

Speaking at an event last Wednesday, Federal Bureau of Investigation (FBI) Director Christopher Wray briefly discussed a thwarted cyberattack on Boston Children’s Hospital that occurred last August. The incident presents a useful case study in how public-private partnership can lead to positive outcomes, while also creating an opportunity to ask why this isn’t always the case. Before diving into lessons learned, let’s break down what happened, according to Director Wray.

At a cybersecurity conference at Boston College, Director Wray briefly discussed how a malicious cyber actor with links to the Iranian government targeted the Boston Children’s Hospital last August in a “despicable” cyber attack.[1] The FBI became aware of the planned attack through an “intelligence partner,” and the local FBI field office promptly made contact with Boston Children’s hospital to warn it.

According to Director Wray, the FBI met with the hospital seven times over the next ten days as they helped to “plan for the attack and address [the hospital’s] concerns,” and then “ID and then mitigate the threat.”[2] Director Wray praised the quick actions of the hospital staff in helping to ensure that there were no operational disruptions. Director Wray did not give any particular motive for the planned attack but did note that many countries sponsor attacks in this way.

This is also not the first time that Boston Children’s Hospital has been the target of cyberattacks. Director Wray explained that the FBI and Boston Children’s Hospital have an excellent working relationship, in part due to previous attacks back in 2014 and 2019.[3]

Action & Analysis
**Membership required**


3. U.S. Cyber Command Admits Offensive Operations In Support of Ukraine

On June 1st, Sky News reported that Gen. Paul Nakasone, the dual-hatted head of both the U.S. military’s Cyber Command and the National Security Agency (NSA) admitted to carrying out a full spectrum of defensive, offensive, and information cyber operations in support of Ukraine. The admission has some worried that it could be used as justification for Russian attacks against U.S. entities.

Sky News reported in an exclusive interview that his command had carried out “a series of operations across the full spectrum: offensive, defensive, [and] information operations.”[4] While General Nakasone declined to elaborate on any detail, Sky News reported that he “explained how [the operations] were lawful, [and were] conducted with complete civilian oversight of the military and through policy decided at the Department of Defense.”[5]

General Nakasone would not be drawn on how significant the risk of Russian attacks on U.S. entities was, but he did declare, “We remain vigilant every single day. Every single day. I think about it all the time.”[6]

Action & Analysis
**Membership required**


US Congress

Tuesday, June 7th:

– Senate – Committee on Homeland Security and Governmental Affairs: Hearings to examine ransomware attacks and ransom payments enabled by cryptocurrency, focusing on rising threats.

Wednesday, June 8th:

– Senate – Committee on Health, Education, Labor, and Pensions: Business meeting to consider S.4348, to amend the Federal Food, Drug, and Cosmetic Act to revise and extend the user-fee programs for prescription drugs, medical devices, generic drugs, and biosimilar biological products


Thursday, June 9th:

– No relevant hearings


International Hearings/Meetings

– No relevant meetings

EU –


Conferences, Webinars, and Summits

Contact us:  follow @HealthISAC, and email at


About the Author

Hacking Healthcare is written by John Banghart, who served as a primary advisor on cybersecurity incidents and preparedness, and led the National Security Council’s efforts to address significant cybersecurity incidents, including those at OPM and the White House. John is currently the Senior Director of Cybersecurity Services at Venable. His background includes serving as the National Security Council’s Director for Federal Cybersecurity, as Senior Cybersecurity Advisor for the Centers for Medicare and Medicaid Services, and as a cybersecurity researcher and policy expert at the National Institute of Standards and Technology (NIST), and in the Office of the Undersecretary of Commerce for Standards and Technology.

John can be reached at and








Translate »