HHS Issues Cyber Notice

PUBLISHED: Jun 22, 2017
Relevant to: Ambulatory Care, Behavioral Health, Clinical Lab, Critical Access Hospitals, Home Health, Hospice, Hospitals, Long Term Care, Medical Office/Clinic

The US Department of Health and Human Services Office of the National Coordinator for Health Information Technology has issued a SPR/CIP HPH Cyber Notice about hidden Cobra and Microsoft Updates.

According to the Cyber Notice, there have been two recent reports released by Microsoft and the Department of Homeland Security (DHS) about multiple vulnerabilities with Microsoft products, including the Windows operating system, and a threat by a group DHS labels as “Hidden Cobra”.

Both relate to the same type of vulnerability that allowed WannaCry to spread. Importantly, simply installing the Microsoft patches will not necessarily protect form “Hidden Cobra” since they use a wide range of vulnerabilities. DHS states “Hidden Cobra” targets are “…the media, aerospace, financial, and critical infrastructure sectors in the United States and globally”, so targeting of the Healthcare and Public Health sector systems and devices in the U.S. is possible.

The Cyber Notice urges healthcare providers to review the HHS’ Cybersecurity Program compilation of technical information and resources to support efforts to mitigate this threat.

Want to read the full alert and receive alert emails?

Browse Additional Alerts