Advisory Notice:
The Office of the Director of National Intelligence (ODNI) has highlighted China-based threat groups actively targeting critical infrastructure in the United States. Identified under the “Typhoon” designation, including “Salt Typhoon” and “Volt Typhoon,” these actors have been linked to cyber operations against U.S. telecommunications providers and, among other sectors, healthcare organizations. This threat underscores the vital role healthcare leaders play in protecting patient safety and operational continuity.
The Health Sector Coordinating Council (HSCC) has also released a briefing video highlighting the Typhoon threat groups, shared through the 405(d) program’s social media channels and the U.S. Department of Health and Human Services (HHS) Cyber Gateway. This communication underscores the threats to the health sector and the need for continued vigilance.
The ODNI report further underscores the sustained activity of Transnational Criminal Organizations, which continue to pose a significant ransomware threat to U.S. healthcare organizations. While attention is currently focused on nation-state–aligned Typhoon activity, healthcare leaders should remain mindful that financially motivated ransomware groups continue to account for many disruptive incidents impacting care delivery, operations, and patient safety.
What Healthcare Organizations Should Be Doing Now
Healthcare organizations should treat the Typhoon activity as a reinforcement of long-standing risk themes rather than a standalone threat. Priority actions include validating external attack-surface visibility, ensuring asset inventories are up to date, and confirming that network segmentation and identity controls are consistently enforced across clinical, administrative, and third-party access paths.
Leaders should also review and test incident response and business continuity plans through tabletop exercises to ensure readiness for operational disruptions, including telecom or connectivity issues.
Continue to Support and Communicate
Fortified will continue to monitor intelligence from ODNI, HSCC, HHS, and other trusted healthcare and federal sources and translate relevant developments into actionable guidance for our clients.
Updates will be delivered through our Advisory Bulletins, CISO Briefs, and broader ecosystem communications, with a focus on healthcare-specific impact, recommended actions, and leadership-level talking points.
As the threat landscape evolves, Fortified will also incorporate emerging insights into ongoing risk assessments, tabletop exercises, and executive briefings to ensure clients remain informed, prepared, and operationally resilient. Our ongoing support aims to build confidence in your security posture.
Fortified recommends applying patches and updates where possible and only after adequate testing in a development environment to ensure stability and compliance with organizational change management policies.