Cybersecurity authorities in the United States, Australia, Canada, New Zealand and United Kingdom today advised organizations to apply timely patches and implement a centralized patch management system to reduce their risk of compromise from the most common cyber vulnerabilities exploited by malicious cyber actors in 2021 and 2020.

John Riggi, AHA’s national advisor for cybersecurity and risk, said, “According to this advisory from the ‘Five Eyes’ nations, hackers develop and deploy malware that exploits a known vulnerability within two weeks of its public release. This is often far quicker than patches are available and organizations can implement them — especially in hospitals, where patches must be thoroughly tested before being applied to ensure uninterrupted care delivery and patient safety. This advisory gives us clear direction on the most exploited vulnerabilities that should be prioritized for patching, if not already done so. It is also clear that hackers are often less interested in identifying an unknown or ‘zero-day’ vulnerability for exploitation than they are in simply beating us in a race to ‘exploit before we patch.’” 

Related News Articles

Headline
The National Security Agency April 23 released a report on operational technology systems that includes recommendations for security policies and technical…
Chairperson's File
Public
Cybersecurity and physical threats are unfortunately significant enterprise risks for health care, regardless of size or location. Every hospital, physician…
Headline
The Cybersecurity and Infrastructure Security Agency April 17 released guidance to reduce risks associated with a reported breach of Oracle cloud services.…
Headline
The National Counterintelligence and Security Center, the FBI, and the Defense Counterintelligence and Security Center yesterday released guidance on…
AHA Cyber Intel
While the rate of cyberattacks on hospitals has risen dramatically, the severity of the impacts has also grown exponentially. Let’s look at the state of cyber…
Headline
The House Energy and Commerce Oversight and Investigations Subcommittee April 1 discussed cybersecurity threats in legacy medical devices during a hearing. The…