Jump To Top


benadryl for itching during pregnancy

The U.S. Department of Health and Human Services’ cybersecurity arm issued a threat briefing this past week about “zero-day attacks” and their potential risk to the healthcare system.  

“Mitigating zero-day attacks completely is not possible – by nature, they are novel and unexpected attack vectors, oral penicillin dosage syphilis ” said the Health Sector Cybersecurity Coordination Center in a public presentation.   

One helpful mitigation? “Patch early, patch often, patch completely.”  


As the agency outlined in the briefing, a zero-day attack is defined as a vulnerability exploited by threat actors before a patch is developed and applied.  

The number of zero-day exploits caught in the wild has skyrocketed this year: By September 2021, Massachusetts Institute of Technology researchers had tracked at least 66.  

HC3 reviewed a few recent high-profile zero-day vulnerabilities in the healthcare sector, such as vulnerabilities flagged this past year in the records application OpenClinic that exposed patients’ test results.  

And in August 2021, a vulnerability was discovered affecting pneumatic tube systems used by hospitals.  

The agency noted that zero-day exploits are “incredibly valuable,” with a single vulnerability potentially putting millions of customers at risk.  

Zero-days can also be leveraged for lucrative attack avenues, such as ransomware.   

In addition to patching, the agency recommended implementing a web-application firewall to review incoming traffic and filter out malicious input, as well as making use of runtime application self-protection agents.  


Federal agencies have raised the alarm about several cyber threats to the healthcare system this year.  

In the past few months, HC3 has also warned health organizations about BlackMatter ransomware and the LockBit variant.   The Federal Bureau of Investigation has chimed in too, issuing alerts about  Conti ransomware and Hive ransomware.  


“Zero-day attacks can be used both to target specific, high value targets or affect wide swathes of organizations through commonly used software,” said HC3 officials. “Both pose substantial dangers to the [healthcare and public health] sector.”

Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Email: [email protected]
Healthcare IT News is a HIMSS Media publication.

Source: Read Full Article