The Department of Health and Human Services' Health Sector Cybersecurity Coordination Center (HC3) announced this week that the health sector must implement patches and mitigations to address 21 new cyber vulnerabilities identified in January by the Cybersecurity and Infrastructure Security Agency. It recommended that it be introduced quickly. This vulnerability affects Ivanti, Microsoft, Google/Android, Apple, Mozilla, Cisco, SAP, VMWare, Adobe, Fortinet, Atlassian, and Jenkins products and is a critical vulnerability that is actively exploited by cybercriminals. Contains sex.
“These important monthly updates from HC3 are a reminder that vulnerabilities in third-party technology expose hospitals to significant cyber risks, and the need for software developers to do better when it comes to secure software design. John Rigi, the AHA's national advisor for cybersecurity, said. And risk. “Hackers based overseas are also aware of these exposed vulnerabilities, and their strategy is simple and effective: hack before you patch.” Hospitals and health systems are encouraged to follow HHS's voluntary cybersecurity performance goals and maintain effective risk-based vulnerability management and third-party risk management programs. ”
For more information about this or other cyber and risk issues, please contact Riggi at jriggi@aha.org. For the latest cyber and risk resources and threat intelligence, visit aha.org/cybersecurity.
