HC3 Sector Alert TLP White: Cybersecurity Vulnerabilities of Interest to the Health Sector

May 19, 2020

In recent days, a number of vulnerabilities in common information systems which are relevant to organizations in the healthcare sector have been disclosed to the public. These vulnerabilities are from Microsoft and Adobe as well as highlights from a joint DHS/FBI report on the most impactful vulnerabilities in recent years. The vulnerabilities highlighted in this report have been selected because they meet two criteria. First, they are significant in that they have the potential to allow an attacker to cause significant harm to the target organization. Second, they are likely to be included in the enterprise infrastructure of a healthcare organization. Further details on these vulnerabilities can be found below, along with their potential effects if exploited as well as patches.

Related Resources

Advancing Health Podcast
Public
On this AHA Advancing Health podcast, John Riggi, AHA senior advisor for cybersecurity and risk, speaks with his former FBI colleague Mike Orlando, acting…
Advisory
Public
Microsoft has released out-of-band security updates to address a remote code execution (RCE) vulnerability — known as PrintNightmare (CVE-2021-34527) — in the…
Advancing Health Podcast
Public
Hospitals and health systems have frequently been the target of high-impact ransomware attacks. In this podcast, John Riggi, AHA senior advisor for…
Letter/Comment
As a national critical infrastructure designated by the U.S. Department of Homeland Security, the healthcare sector faces an urgent need to strengthen the…
Letter/Comment
As a national critical infrastructure designated by the U.S. Department of Homeland Security, the healthcare sector faces an urgent need to strengthen the…
Advisory
Public
This cyber advisory reflects the FBI’s May 20 Conti alert, along with resources from AHA and other organizations.