The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) yesterday urged health care organizations to install patches to protect their Microsoft Windows operating systems and servers against two high-risk remote desktop protocol vulnerabilities known collectively as DejaBlue. As with BlueKeep and WannaCry ransomware, the DejaBlue vulnerabilities are “wormable,” meaning they can spread automatically. The health care sector is vulnerable due to widespread use of legacy systems susceptible to this vulnerability, including embedded systems in medical devices. Newer systems vulnerable to DejaBlue further complicate the attack surface. For more information, see the HHS report. John Riggi, AHA senior advisor for cybersecurity and risk, also is available to answer questions on this and other cyber-related issues at jriggi@aha.org

Related News Articles

Headline
In part two of a recent blog, AHA National Advisor for Cybersecurity and Risk John Riggi and AHA Deputy National Advisor for Cybersecurity and Risk Scott Gee…
AHA Cyber Intel
In part one of this blog, we reviewed the number of cyberattacks the health care field endured this year compared to last; provided an overview of the lessons…
Headline
The Cybersecurity and Infrastructure Security Agency Oct. 15 released an emergency directive advising federal agencies to take stock of their F5 BIG-IP…
Headline
In part one of a new blog, John Riggi, AHA national advisor for cybersecurity and risk, and Scott Gee, AHA deputy national advisor for cybersecurity and risk,…
Perspective
Public
This week, the FBI issued an urgent warning to all users — including hospitals — of a critical security soft spot within Oracle’s E-Business Suite, stating “…
Headline
The Health Sector Coordinating Council Oct. 7 released its Sector Mapping and Risk Toolkit, created to help health care providers and other organizations…