mcn healthcare logo

HHS Issues Cyber Notice: Hidden Cobra and Microsoft Updates

cyber attack

HHS Issues Cyber Notice: Hidden Cobra and Microsoft Updates

The US Department of Health and Human Services Office of the National Coordinator for Health Information Technology has issued a SPR/CIP HPH Cyber Notice about Hidden Cobra and Microsoft Updates.

According to the Cyber Notice, there have been two recent reports released by Microsoft and the Department of Homeland Security (DHS) about multiple vulnerabilities with Microsoft products, including the Windows operating system, and a threat by a group DHS labels as “Hidden Cobra”.

Both relate to the same type of vulnerability that allowed WannaCry to spread. Importantly, simply installing the Microsoft patches will not necessarily protect from “Hidden Cobra” since they use a wide range of vulnerabilities. DHS states “Hidden Cobra” targets are “…the media, aerospace, financial, and critical infrastructure sectors in the United States and globally”, so targeting of the Healthcare and Public Health sector systems and devices in the U.S. is possible.

Suggested Safeguards:

The Cyber Notice urges healthcare providers to review the HHS’ Cybersecurity Program compilation of technical information and resources to support efforts to mitigate this threat.


Regulatory Compliance Solutions for Healthcare Organizations
Our comprehensive compliance suite includes:

 Policy Management Software | Policy Library Templates
StayAlert! – Regulatory Alert System | Learning Management System

Learn more. Visit

We are expanding our team! Click here for more information.

Got it!