The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center highly recommends all health sector organizations immediately test and deploy a critical OpenSSL patch when it becomes available Nov. 1, because many of the most common operating systems and applications use the OpenSSL software library for secure communications.

“Once again we have ubiquitous, embedded third-party technology that is often out of view of the end users and cybersecurity teams creating cyber risk exposure for our hospitals and health systems,” said John Riggi, AHA’s national advisor for cybersecurity and risk. “This also highlights the ongoing need for a software bill of materials for medical devices and other pieces of mission-critical medical technology. Identifying instances of OpenSSL in your infrastructure will certainly help expedite deployment of the patch — remember the cyber ‘bad guys’ have the same notice of this vulnerability and now it’s a race to patch, before they exploit it.”

Related News Articles

Headline
A pro-Russian hacktivist group known for distributed denial-of-service (DDoS) attacks against countries supporting Ukraine on Jan. 28 allegedly released attack…
Headline
The FBI last night seized control of servers and websites used by the Hive ransomware network to target hospitals and other critical infrastructure, and…
Headline
The Royal and Blackcat ransomware groups continue to aggressively target the U.S. health sector, according to a recent advisory from the Department of…
Headline
National Coordinator for Health Information Technology Micky Tripathi talks with AHA’s Nancy Foster about what his office is doing to help achieve a health…
Headline
The latest quarterly bulletin from the Department of Health and Human Services’ Healthcare Cybersecurity Coordination Center reviews cyberthreats to the…
Headline
The Clop ransomware group has been sending health care facilities ransomware-infected medical files disguised to appear to come from legitimate doctors, then…