Governments release joint advisory on top cyber vulnerabilities

Jul 28, 2021 - 02:37 PM
Cybersecurity Lock on Gold Wall

The U.S. Cybersecurity and Infrastructure Security Agency and FBI, Australian Cyber Security Centre, and United Kingdom National Cyber Security Centre today released an advisory detailing the top 30 cyber vulnerabilities in 2020 and 2021. 

“Organizations are encouraged to remediate or mitigate vulnerabilities as quickly as possible to reduce the risk of exploitation,” the advisory states. “Most can be remediated by patching and updating systems. Organizations that have not remediated these vulnerabilities should investigate for the presence of [indicators of compromise] and, if compromised, initiate incident response and recovery plans.”

John Riggi, AHA senior advisor for cybersecurity and risk, said, “This advisory is very important for a number of reasons. First, it clearly demonstrates that our cyber adversaries are most likely to exploit well-known vulnerabilities for which patches already exist. They are simply trying to beat us in the never-ending race to patch. This advisory also highlights the necessity of having an effective patch management program, especially as it relates to medical devices. On the plus side, this rare joint U.S., U.K. and Australian cyber advisory demonstrates the significantly increased level of cooperation and intelligence exchange in cyber defense among allied nations. No doubt the information contained in this advisory is of high confidence and should be acted upon immediately.”

For further information on this or other cyber and risk issues, contact Riggi at jriggi@aha.org.
 

Related News Articles

Headline
FBI issues alert on cyber actors impersonating IT personnel 
The FBI has released an alert on a cyber threat group called the Silent Ransom Group, which has targeted healthcare and other industries in recent years using…
Headline
CISA issues revised virtual town hall schedule for input on proposed cyber incident reporting
The Cybersecurity and Infrastructure Security Agency May 26 announced a revised schedule for its series of virtual town hall meetings for public input on…
Headline
Microsoft disrupts Fox Tempest malware attacking health care, other sectors 
Microsoft announced May 19 that it disrupted operations of Fox Tempest, a threat actor operating as a malware-signing-as-a-service used by cybercriminals to…
Headline
Blog highlights top 3 cyber risks for health care in 2026
An AHA Cyber & Risk Intel blog by John Riggi, AHA national advisor for cybersecurity and risk, explores what health care leaders need to consider to reduce…
AHA Cyber Intel
Health Care Cybersecurity Considerations for 2026: This Year’s Top 3 Cyber Risks
Cyberattacks against hospitals, health systems and mission-critical health care third-party providers have surged in recent years. While these attacks often…
Headline
Microsoft warns of sophisticated phishing campaign heavily targeting health care organizations
Microsoft Threat Intelligence is warning of a large scale, multistage phishing campaign that disproportionately targeted the health care sector, sending “code…