Organizations urged to protect data from web application vulnerabilities

Aug 02, 2023 - 03:04 PM
cybersecurity-hand-lock-graphic_900x400

U.S. and Australian cybersecurity agencies the week of July 24 warned organizations using web applications about vulnerabilities that enable malicious actors to modify, delete or access sensitive data and urged them to implement recommendations to protect their data from compromise.
 
John Riggi, AHA’s national advisor for cybersecurity and risk, said, “Some of the largest breaches involving the theft of protected health information over the last several years have been related to vulnerabilities in third-party software deployed in health care organizations. We highly recommend that technology and security teams and those involved in the purchase and acquisition of software review this advisory, which provides comprehensive security guidance to both software developers and end users of web applications, application programming interfaces and other software. It highlights best practices for secure coding; reminds end users that all applications should be included in penetration testing and risk assessments; and reinforces the principles of ‘secure by design and secure by default.’”
 
For more information on this or other cyber and risk issues, contact Riggi at jriggi@aha.org. For the latest cyber and risk resources and threat intelligence, visit aha.org/cybersecurity.

Related News Articles

Headline
Open-source text program Notepad++ impacted by critical vulnerability
The National Institute of Standards and Technology Feb. 2 published details on a critical vulnerability that impacted Notepad++, a free, open-source text and…
Headline
FBI launches campaign to protect hospitals, other critical infrastructure against cyberattacks
The FBI has launched a two-month campaign, Operation Winter SHIELD (Securing Homeland Infrastructure by Enhancing Layered Defense), highlighting 10 actions…
Headline
Guides offer strategies on preparing for public health emergencies, cybersecurity incidents 
Two AHA guides offer strategies for hospitals and health systems in preparing for public health emergencies and disasters and managing cybersecurity incidents…
Headline
AHA podcast: Cybersecurity on the Health Care Front Lines Against AI and Ransomware
Larry Pierce, director of cybersecurity and information security officer for Atlantic Health, unpacks how the growth of artificial intelligence is reshaping…
Headline
Agencies issue guidance on secure connectivity for operational technology
U.S. and international agencies Jan. 14 released guidance on secure connectivity for operational technology environments. Examples of OT environments in health…
Headline
AHA expresses support for bill improving cybersecurity workforce in rural hospitals
The AHA Jan. 14 expressed support for the Rural Hospital Cybersecurity Enhancement Act (S. 2169), legislation that would direct the Department of Health and…