The United States Department of Health and Human Services (HHS) and Office for Civil Rights (OCR) has issued a cyber notice to the healthcare industry about a potential threat to healthcare cybersecurity.
The threat comes from a malicious cyber hacking group called Hidden Cobra.
On June 15th, 2017, the Office of Civil Rights (OCR) of HHS released an online notice notifying the whole healthcare IT community about a new threat, Hidden Cobra.
The notice was issued in response to two reports by the Department of Homeland Security and Microsoft that states “multiple vulnerabilities with Microsoft products, including the Windows operating system, and a threat by a group DHS labels as ‘Hidden Cobra.’
The threat relates to the same type of vulnerability that allowed WannaCry to spread. Importantly, simply installing the Microsoft patches will not necessarily protect from ‘Hidden Cobra’ since they use a wide range of vulnerabilities.”
What is Hidden Cobra?
According to authorities in the U.S. government, Hidden Cobra is a cyber espionage group that has been active for the past 8 years and is supported by the North Korean government.
The group is also known as the Lazarus Group or the Guardians of Peace, which, according to the FBI, has been previously tied to the 2014 Sony hacking incident and the WannaCry ransomware attack.
What can be done?
- Ask your IT department or IT consultant to review the Hidden Cobra update and implement the Suggested Safeguards.
- Make sure all Windows operating system updates have been installed.
- Update Adobe Flash Player and Microsoft Silverlight or remove Adobe Flash Player and Microsoft Silverlight from use if they are not needed.