HHS OCR Update on Recent Cyber Notice

PUBLISHED: Jan 18, 2018
Relevant to: Ambulatory Care, Behavioral Health, Clinical Lab, Community Mental Health Centers, Critical Access Hospitals, Dialysis Facilities, Home Health, Hospice, Hospitals, Long Term Care, Medical Office, Pharmacy

The US Department of Health and Human Services (HHS) Office of the National Coordinator for Health Information Technology has issued a technical update to the previously distributed HPH Cyber Notice covering chip vulnerabilities named Meltdown and Spectre. Both Meltdown and Spectre are vulnerabilities in how computer chips handle data, and both have the potential to expose sensitive information, such as protected health information (PHI), while it is being processed on the chip.

As this information is protected from disclosure under HIPAA, Healthcare and Public Health (HPH) entities should employ risk management processes to address these vulnerabilities and ensure the security of medical records and other PHI.

Major concerns for the HPH sector include but are not limited to:

  • Challenges identifying vulnerable medical devices and accessory medical equipment and ensuring patches are validated to prevent impacts to the intended use.
  • Cloud computing: Potential PHI or Personally Identifiable Information (PII) data leakage in shared computing environments.
  • Web browsers: Possible PHI/PII data leakage.
  • Patches: Potential for service degradation and/or interruption from patches.

Follow the link below for the detailed technical report on widespread processor vulnerabilities.
