New healthcare cybersecurity threat: Hidden Cobra

Cyber crime shaping healthcare IT

The United States Department of Health and Human Services (HHS) and Office for Civil Rights (OCR) has issued a cyber notice to the healthcare industry about a potential threat to healthcare cybersecurity.

The threat comes from a malicious cyber hacking group called Hidden Cobra.

On June 15th, 2017, the Office of Civil Rights (OCR) of HHS released an online notice notifying the whole healthcare IT community about a new threat, Hidden Cobra.

The notice was issued in response to two reports by the Department of Homeland Security and Microsoft that states “multiple vulnerabilities with Microsoft products, including the Windows operating system, and a threat by a group DHS labels as ‘Hidden Cobra.’

The threat relates to the same type of vulnerability that allowed WannaCry to spread. Importantly, simply installing the Microsoft patches will not necessarily protect from ‘Hidden Cobra’ since they use a wide range of vulnerabilities.”

What is Hidden Cobra?

According to authorities in the U.S. government, Hidden Cobra is a cyber espionage group that has been active for the past 8 years and is supported by the North Korean government.

The group is also known as the Lazarus Group or the Guardians of Peace, which, according to the FBI, has been previously tied to the 2014 Sony hacking incident and the WannaCry ransomware attack.

What can be done?

  • Ask your IT department or IT consultant to review the Hidden Cobra update and implement the Suggested Safeguards.
  • Make sure all Windows operating system updates have been installed.
  • Update Adobe Flash Player and Microsoft Silverlight or remove Adobe Flash Player and Microsoft Silverlight from use if they are not needed.
Try Paubox Email Suite for FREE today.

About the author

Phuong Tran

Phuong Tran is a Carnegie Mellon University-Heinz College graduate with a degree in healthcare policy and management. In his spare time he enjoys discovering new restaurants and playing basketball.

Read more by Phuong Tran

Get started with
end-to-end protection

Bolster your organization's security with state-of-the-art email encryption and inbound email security.

Highest rated HIPAA compliant messaging solution on G2

EmailEncryption BestMeetsRequirements MeetsRequirements
SecureEmailGateway MostImplementable Total
SecureEmailGateway Leader Leader
SecureEmailGateway EasiestToUse EaseOfUse
SecureEmailGateway EasiestAdmin EaseOfAdmin
SecureEmailGateway BestUsability Total
SecureEmailGateway BestResults Total
SecureEmailGateway BestRelationship Total
EmailEncryption UsersMostLikelyToRecommend Nps
EmailEncryption MomentumLeader Leader
SecureEmailGateway BestSupport Mid Market QualityOfSupport
EmailEncryption BestMeetsRequirements MeetsRequirements
SecureEmailGateway MostImplementable Total
SecureEmailGateway Leader Leader
SecureEmailGateway EasiestToUse EaseOfUse
SecureEmailGateway EasiestAdmin EaseOfAdmin
SecureEmailGateway BestUsability Total
SecureEmailGateway BestResults Total
SecureEmailGateway BestRelationship Total
EmailEncryption UsersMostLikelyToRecommend Nps
EmailEncryption MomentumLeader Leader
SecureEmailGateway BestSupport Mid Market QualityOfSupport