The US Department of Health and Human Services Office of the National Coordinator for Health Information Technology has issued a SPR/CIP HPH Cyber Notice about Hidden Cobra and Microsoft Updates.
According to the Cyber Notice, Microsoft and the Department of Homeland Security (DHS) have recently released two reports about multiple vulnerabilities in Microsoft products, including the Windows operating system, and a threat from a group DHS labels “Hidden Cobra”.
Both relate to the same type of vulnerability that allowed WannaCry to spread. Importantly, simply installing the Microsoft patches will not necessarily protect against “Hidden Cobra”, since the group uses a wide range of vulnerabilities. DHS states that “Hidden Cobra” targets are “…the media, aerospace, financial, and critical infrastructure sectors in the United States and globally”, so targeting of Healthcare and Public Health sector systems and devices in the U.S. is possible.
Suggested Safeguards:
- Install the patches from Microsoft.
- Review the vulnerabilities in the US-CERT “Hidden Cobra” report and install associated patches.
- Review logs and implement blocks for indicators listed in the “Hidden Cobra” report.
The Cyber Notice urges healthcare providers to review the HHS’ Cybersecurity Program compilation of technical information and resources to support efforts to mitigate this threat.