The Department of Health and Human Services (HHS) is alerting health care professionals to two reports on security vulnerabilities.

The reports — released by Microsoft and the Department of Homeland Security (DHS) — address the same vulnerability that allowed the WannaCry virus to spread earlier this year.

In its report, Microsoft urges users to install security updates to protect against vulnerabilities, including a patch to protect the Server Message Block (SMB) protocol, which was exploited in the WannaCry attack and can also be exploited through the Windows search service. If left unpatched, attacks that exploit SMB vulnerabilities can spread quickly through internal corporate networks. Microsoft also encourages the installation of a patch to prevent malicious code from spreading through shortcut icons. Operating systems with automatic updates enabled are protected, but older systems might need to be manually updated.

Meanwhile, a technical alert from DHS warns of “Hidden Cobra,” a malicious effort by the North Korean government to target the media, aerospace, financial, and critical infrastructure sectors. Hidden Cobra actors exploit vulnerabilities in older versions of Microsoft operating systems, as well as vulnerabilities in Adobe Flash Player.

How To Protect Against Vulnerabilities

HHS recommends that health care organizations educate and protect themselves against these vulnerabilities by:

America’s Essential Hospitals has established a resource page dedicated to cybersecurity threats. Visit this page regularly for new and updated information.

Contact Director of Policy Erin O’Malley at eomalley@essentialhospitals.org or 202.585.0127 with questions.