Skip to Main Content
Don't have an account? Create Account
Don't have an account? Create Account

DHS, HHS Warn Providers of Microsoft Cyber Vulnerabilities

The departments of Homeland Security (DHS) and Health and Human Services (HHS) are warning health care providers of vulnerabilities in Microsoft operating systems that could expose entities’ systems to malicious actors.

One identified vulnerability affects the validation process for Windows Elliptic Curve Cryptography (ECC) certificates, which could allow attackers to modify, decrypt, or inject data on Windows users’ connections.

The other vulnerability is in the Windows remote desktop client and could expose Windows users to malicious servers.

Microsoft has made patches for these vulnerabilities, and HHS is urging health care providers to install these patches to minimize risk.

America’s Essential Hospitals has established a resource page on IT security for essential hospitals. Visit this page for new information and updates.

Contact Senior Director of Policy Erin O’Malley at or 202.585.0127 with questions.


About the Author

Shahid Zaman is a senior policy analyst at America's Essential Hospitals.

Previous Next
Test Caption
Test Description goes like this