log in
All Articles | Back

Member Articles


HHS Advises Health Care Entities Immediately Patch Operating System Vulnerabilities 

by Jennifer Orr Mitchell, Jared M. Bruce

Published: January, 2020

Submission: February, 2020

 



On Jan. 15, 2019, the Department of Health and Human Services’ (HHS) Office of Civil Rights (OCR) shared a bulletin published by the Office of the Assistant Secretary for Preparedness and Response, Critical Infrastructure Protection Public-Private Partnership (ASPR CIP) regarding a number of vulnerabilities identified in Microsoft Windows operating systems, which if not addressed, pose significant a threat to the environment.


On Jan. 14, 2020, Microsoft released a security software patch to mitigate these vulnerabilities in supported Windows operating systems. Microsoft’s security software update guide is available here.


Subsequently, the federal Cybersecurity and Infrastructure Security Agency (CISA) released an Emergency Directive and Activity Alert addressing critical vulnerabilities affecting Windows CryptoAPI and Windows Remote Desktop Protocol (RDP) server and client. Some of the vulnerabilities could enable a remote attacker to decrypt, modify, or inject data on user connections. Due to the seriousness of these vulnerabilities, ASPR CIP strongly recommends all health care and public sector entities also consider patching their environment as soon as possible. This recommendation is based on the likelihood of the vulnerabilities being weaponized, combined with the widespread use of the affected software across the sector and high potential for a compromise of integrity and confidentiality of information.


The full CISA alert is available here.


If you have any questions regarding this bulletin published by HHS-OCR or other health care cybersecurity concerns, please contact your Dinsmore health care attorney.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        


 



Link to article

 

MEMBER COMMENTS

 

 

WSG Member: Please login to add your comment.

    Disclaimer

WSG's members are independent firms and are not affiliated in the joint practice of professional services. Each member exercises its own individual judgments on all client matters.

HOME | SITE MAP | GLANCE | PRIVACY POLICY | DISCLAIMER |  © World Services Group, 2020