HHS: Apply critical OpenSSL security patch as soon as deployed Nov. 1

Oct 31, 2022 - 04:03 PM
cybersecurity-hand-lock-graphic_900x400

The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center highly recommends all health sector organizations immediately test and deploy a critical OpenSSL patch when it becomes available Nov. 1, because many of the most common operating systems and applications use the OpenSSL software library for secure communications.

“Once again we have ubiquitous, embedded third-party technology that is often out of view of the end users and cybersecurity teams creating cyber risk exposure for our hospitals and health systems,” said John Riggi, AHA’s national advisor for cybersecurity and risk. “This also highlights the ongoing need for a software bill of materials for medical devices and other pieces of mission-critical medical technology. Identifying instances of OpenSSL in your infrastructure will certainly help expedite deployment of the patch — remember the cyber ‘bad guys’ have the same notice of this vulnerability and now it’s a race to patch, before they exploit it.”

Related News Articles

Headline
HHS alerts health sector to pro-Russian hacktivist threat
A pro-Russian hacktivist group known for distributed denial-of-service (DDoS) attacks against countries supporting Ukraine on Jan. 28 allegedly released attack…
Headline
FBI disrupts ransomware network targeting hospitals and others
The FBI last night seized control of servers and websites used by the Hive ransomware network to target hospitals and other critical infrastructure, and…
Headline
HHS: Ransomware groups continue to target U.S. health sector
The Royal and Blackcat ransomware groups continue to aggressively target the U.S. health sector, according to a recent advisory from the Department of…
Headline
AHA podcast: Developing a Universal and Secure Electronic Health Information System 
National Coordinator for Health Information Technology Micky Tripathi talks with AHA’s Nancy Foster about what his office is doing to help achieve a health…
Headline
HHS bulletin reviews latest cyberthreats to health care 
The latest quarterly bulletin from the Department of Health and Human Services’ Healthcare Cybersecurity Coordination Center reviews cyberthreats to the…
Headline
HHS alerts health sector to new ransomware threat 
The Clop ransomware group has been sending health care facilities ransomware-infected medical files disguised to appear to come from legitimate doctors, then…