The departments of Homeland Security (DHS) and Health and Human Services (HHS) are warning health care providers of vulnerabilities in Microsoft operating systems that could expose entities’ systems to malicious actors.
One identified vulnerability affects the validation process for Windows Elliptic Curve Cryptography (ECC) certificates, which could allow attackers to modify, decrypt, or inject data on Windows users’ connections.
The other vulnerability is in the Windows remote desktop client and could expose Windows users to malicious servers.
Microsoft has made patches for these vulnerabilities, and HHS is urging health care providers to install these patches to minimize risk.
America’s Essential Hospitals has established a resource page on IT security for essential hospitals. Visit this page for new information and updates.
Contact Senior Director of Policy Erin O’Malley at firstname.lastname@example.org or 202.585.0127 with questions.