Cyber Alert: Internet-Accessible Industrial Control Systems Targeted by Hacktivists

Kopiha Nathan

Attention HIROC Subscribers:

As your proactive partner in safety, HIROC is sharing the following important notice.

Please share this Alert with your Information Technology (IT) team, Information Security Management team, Chief Information Officer, and Chief Technology Officer and, as appropriate, with your building management personnel, to raise awareness about a potential cyber threat and to address potential risks promptly.


The purpose of this Alert is to raise awareness about recently reported incidents associated with internet-connected industrial control systems (ICS) and operational technology (OT), and the measures that can be taken to reduce exposure.

The Canadian Centre for Cyber Security (Cyber Centre) and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) report a rise in attacks against ICS. Hacktivists are exploiting these systems using simple methods to disrupt essential services. While incidents span multiple sectors, they pose critical risks to healthcare and utility operations that depend on ICS and OT.

Recent incidents reported in Canada include:

  • A municipal water facility experienced tampering with water pressure values, degrading service.
  • An oil and gas company’s Automated Tank Gauge (ATG) was manipulated, triggering false alarms.
  • A grain drying silo had its temperature and humidity settings changed, creating unsafe conditions.

These events show how attackers are finding and exploiting exposed devices online, often using default credentials or brute-force attempts that require minimal technical skill.

Systems at Risk

Exposed ICS components that pose significant risks include:

  • Programmable Logic Controllers (PLCs)
  • Remote Terminal Units (RTUs)
  • Human-Machine Interfaces (HMIs)
  • Supervisory Control and Data Acquisition (SCADA) systems
  • Safety Instrumented Systems (SIS)
  • Building Management Systems (BMS)
  • Industrial Internet of Things (IIoT) devices

In hospitals and healthcare environments, these systems often manage HVAC, backup generators, and water treatment. An attack could disrupt patient care, laboratory operations, or facility infrastructure, with consequences that include:

  • Service disruption to water, energy, or building systems
  • Manipulation of safety or environmental controls
  • Reputational damage from publicized incidents
  • Regulatory implications if data or operations are affected

Recommended Actions

HIROC recommends the following for our Subscribers:

  • Inventory all internet-accessible ICS and OT devices.
  • Disable unnecessary external connections.
  • Use Virtual Private Networks (VPNs) with multi-factor authentication for remote access.
  • Conduct penetration tests and vulnerability assessments.
  • Apply vendor security updates and follow manufacturer guidance.
  • Define clear roles and responsibilities between internal teams and service providers.
  • Run tabletop exercises to test incident response plans.
  • Use intrusion detection and continuous monitoring for early threat detection.
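
As an added example for the first two actions (not part of HIROC's alert or the agencies' guidance), the Python script below cross-checks an asset inventory against inbound firewall allow rules and reports ICS/OT devices reachable from sources outside the VPN address pool. The inventory, rules, addresses, ports and VPN pool are constructed sample data, and every allow rule is assumed to be effective (rule ordering is not modelled).

```python
import ipaddress

# Device classes named in the alert's "Systems at Risk" list.
ICS_CLASSES = {"PLC", "RTU", "HMI", "SCADA", "SIS", "BMS", "IIoT"}

# Constructed sample data (not from the alert): asset inventory and inbound rules.
INVENTORY = [
    {"name": "boiler-plc-01", "class": "PLC", "ip": "10.20.1.11"},
    {"name": "hvac-bms-01", "class": "BMS", "ip": "10.20.2.5"},
    {"name": "generator-hmi", "class": "HMI", "ip": "10.20.3.7"},
    {"name": "intranet-web", "class": "IT", "ip": "10.10.0.80"},
]
INBOUND_RULES = [
    {"id": 1, "src": "0.0.0.0/0", "dst": "10.20.1.11", "port": 502, "action": "allow"},
    {"id": 2, "src": "10.99.0.0/24", "dst": "10.20.2.5", "port": 443, "action": "allow"},
    {"id": 3, "src": "203.0.113.0/24", "dst": "10.20.3.7", "port": 5900, "action": "allow"},
    {"id": 4, "src": "0.0.0.0/0", "dst": "10.10.0.80", "port": 443, "action": "allow"},
    {"id": 5, "src": "0.0.0.0/0", "dst": "10.20.2.0/24", "port": 47808, "action": "deny"},
]
VPN_POOLS = ["10.99.0.0/24"]  # assumed address pool of the MFA-protected VPN


def exposed_ics_rules(inventory, rules, vpn_pools):
    """Return findings for allow rules that let non-VPN sources reach ICS/OT assets."""
    pools = [ipaddress.ip_network(p) for p in vpn_pools]
    ics = [(ipaddress.ip_address(a["ip"]), a) for a in inventory
           if a["class"] in ICS_CLASSES]
    findings = []
    for rule in rules:
        if rule["action"] != "allow":
            continue
        src = ipaddress.ip_network(rule["src"])
        dst = ipaddress.ip_network(rule["dst"])  # single host or whole subnet
        if any(src.subnet_of(pool) for pool in pools):
            continue  # source is confined to the VPN pool
        for ip, asset in ics:
            if ip in dst:
                findings.append({"rule": rule["id"], "asset": asset["name"],
                                 "class": asset["class"], "port": rule["port"],
                                 "src": str(src)})
    return findings


if __name__ == "__main__":
    for f in exposed_ics_rules(INVENTORY, INBOUND_RULES, VPN_POOLS):
        print(f"rule {f['rule']}: {f['asset']} ({f['class']}) port {f['port']} "
              f"reachable from {f['src']}")
```

Each finding is a candidate for removal or for replacement with VPN-only access; devices missing from the inventory are not detected by this check.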

We Are Here For You

In the event of a cyber loss, please contact HIROC’s Claims Department at [email protected].

For Healthcare Safety and Risk Management resources and advice, please contact [email protected].

If you have any questions about this Alert, please contact Kopiha Nathan, HIROC’s Privacy and Compliance Officer at [email protected].

Thank you for your vigilance and attention to this matter.
