The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center highly recommends all health sector organizations immediately test and deploy a critical OpenSSL patch when it becomes available Nov. 1, because many of the most common operating systems and applications use the OpenSSL software library for secure communications.

“Once again we have ubiquitous, embedded third-party technology that is often out of view of the end users and cybersecurity teams creating cyber risk exposure for our hospitals and health systems,” said John Riggi, AHA’s national advisor for cybersecurity and risk. “This also highlights the ongoing need for a software bill of materials for medical devices and other pieces of mission-critical medical technology. Identifying instances of OpenSSL in your infrastructure will certainly help expedite deployment of the patch — remember the cyber ‘bad guys’ have the same notice of this vulnerability and now it’s a race to patch, before they exploit it.”

Related News Articles

Headline
U.S. and international agencies Feb. 29 urged health care and other critical infrastructure organizations using Ivanti Connect Secure VPN and Ivanti Policy…
Perspective
The cyberattack against Change Healthcare that began on Feb. 21 is the most serious incident of its kind leveled against a U.S. health care organization.Nine…
Headline
Organizations using the National Institute of Standards and Technology’s Cybersecurity Framework as their primary cybersecurity framework report one-third…
Headline
President Biden Feb. 28 directed the Department of Justice to issue regulations to protect personal health and other data from countries known to collect and…
Headline
The FBI, Cybersecurity & Infrastructure Security Agency, and Department of Health and Human Services Feb. 27 released updated recommendations to help…
Headline
Russian state-sponsored cyber actors are using compromised Ubiquiti EdgeRouters to facilitate malicious cyber operations worldwide, the FBI and other agencies…