ASPR: Cyber Response Call on Mitigation Steps for the Critical Microsoft Windows PrintNightmare Vulnerability

Healthcare and Public Health Sector Cybersecurity Notification
TLP White
July 19, 2021

This email notification was produced by the Division of Critical Infrastructure Protection (CIP) within the U.S. Department of Health and Human Services’ (HHS) Office of the Assistant Secretary for Preparedness and Response (ASPR).

Call Details

HHS ASPR and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) are hosting a call on mitigtaion steps for the critical Microsoft PrintNightmare vulnerability from 1:00 - 3:00 PM ET on Thursday, July 22. The PrintNightmare vulnerability is a “critical” exploit that affects the Windows print queue. This vulnerability allows attackers to execute remote code on your devices and take control of them. The mitigation process for the PrintNightmare vulnerability is a complicated and multistep process. Applying the patch is the first step, but there are more steps required. Please join the call and review the materials in the resources section for remediation steps necessary beyond the patch.

Call Details

Time: 1:00 - 3:00 PM ET on Thursday, July 22
Participant Dial-in: 800-857-6546
Participant Pin: 6326958

Subject matter experts (SME) will provide an explanation of the current alerts on the PrintNightmare vulnerability and the further threat of ransomware it presents. SME’s will also discuss the detail behind mitigations due to their complexity by sharing their lessons/observations from their engagements with Federal entities also dealing with this vulnerability.

The intent of this call is to have a technical discussion that is geared more towards security and IT teams, not necessarily the C-suite/Executive/CIO/CISO level. Participants will walk away more confident in their current actions or better prepared to implement the mitigations correctly.

CISA is aware of active exploitation, by multiple threat actors, of the PrintNightmare vulnerability. Exploitation of the vulnerability allows an attacker to remotely execute code with system level privileges enabling a threat actor to quickly compromise the entire identity infrastructure of a targeted organization.

Resources for HPH Stakeholders

Subscribe to HPH Sector Cyber Notifications

Did a colleague forward you this HPH Sector Cyber Notification? Receive these cyber notifications directly by subscribing to the HPH Sector bulletins. HPH Sector bulletins inform stakeholders about the most significant issues facing the sector including cybersecurity, medical supply chains, COVID-19, and more. If you are interested in receiving cyber notifications or other HPH Sector bulletins, visit the CIP bulletins subscription webpage.

Comments and Questions

If you have comments or questions, send an email to The CIP team will work to answer your inquiries or connect you to the proper entity. 

Traffic Light Protocol (TLP) Designation: WHITE

TLP: WHITE information may be distributed without restriction

Disclaimer: ASPR provides the above sources of information for the convenience of the HPH Sector community and is not responsible for the availability or content of the information or tools provided, nor does ASPR endorse, warrant or guarantee the products, services or information described or offered. It is the responsibility of the user to determine the usefulness and applicability of the information provided. 

U.S. Department of Health & Human Services, Office of the Assistant Secretary for Preparedness & Response
200 C Street, SW
Washington, DC 20024

For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:

John Riggi

Senior Advisor for Cybersecurity and Risk, AHA

(O) +1 202 626 2272

(M) +1 202 640 9159

Related Resources

Fact Sheets
It is imperative that Congress invest in America’s hospitals and health systems to ensure that the nation’s health care needs can be met today and into the…
The American Hospital Association (AHA) would like to share hospital and health system priorities that would benefit patients and communities around the…
Advancing Health Podcast
On this AHA Advancing Health podcast, John Riggi, AHA senior advisor for cybersecurity and risk, speaks with his former FBI colleague Mike Orlando, acting…
Microsoft has released out-of-band security updates to address a remote code execution (RCE) vulnerability — known as PrintNightmare (CVE-2021-34527) — in the…
Advancing Health Podcast
Hospitals and health systems have frequently been the target of high-impact ransomware attacks. In this podcast, John Riggi, AHA senior advisor for…
As a national critical infrastructure designated by the U.S. Department of Homeland Security, the healthcare sector faces an urgent need to strengthen the…