Organizations urged to quickly patch software vulnerabilities

Aug 07, 2023 - 03:03 PM
oig-fda-cybersecurity

U.S. and other allied nations’ cybersecurity agencies urged software vendors to implement secure design practices and organizations to implement a centralized patch management system and apply timely patches, noting that malicious actors in 2022 most often targeted known vulnerabilities. 

John Riggi, AHA’s national advisor for cybersecurity and risk, said, “When it comes to technical exploitation of computer networks, this very useful is alert shows that cyber adversaries most often take the simplest and most efficient route to attack computer networks. When the opportunity presents itself, they exploit unpatched, well known internet-facing vulnerabilities. They simply ‘hack before we patch.’ Vulnerability management is a challenge in any organization, especially in health care, where we are often dependent upon third-party technology and medical device manufacturers to issue and deploy patches. Due diligence is required to ensure all available patches have been prioritized and implemented, especially those that are highly critical and may impact patient care and safety directly.”    

For more information on this or other cyber and risk issues, contact Riggi at jriggi@aha.org. For the latest cyber and risk resources and threat intelligence, visit aha.org/cybersecurity.

Related News Articles

Headline
Tactics by Scattered Spider cybercriminals highlighted in joint advisory 
The FBI, Cybersecurity and Infrastructure Security Agency and international agencies July 29 released a joint advisory on recent tactics by the Scattered…
Headline
Microsoft says China-based threat actors behind SharePoint attacks 
Microsoft July 22 released an update on the ongoing cyberattacks to SharePoint servers used within organizations, attributing the incidents to China-based…
Headline
Agencies warn of activity by Interlock ransomware
The FBI, Cybersecurity and Infrastructure Security Agency, Department of Health and Human Services, and Multi-State Information Sharing and Analysis Center…
Headline
Microsoft issues alert on vulnerabilities in ongoing SharePoint attacks 
Microsoft July 19 issued an alert about active attacks from vulnerabilities targeting SharePoint servers used within organizations. The incidents have not…
Headline
AHA blog: Why and How to Incorporate Physical Security Risk into Your Enterprise Risk Management
In his latest AHA Cyber and Risk Intel blog, Scott Gee, AHA deputy national advisor for cybersecurity and risk, explains how hospitals can prepare for and…
AHA Cyber Intel
Why and How to Incorporate Physical Security Risk into Your Enterprise Risk Management
In today’s heightened threat environment, driven by domestic and geopolitical issues, it is more critical than ever for hospitals to prepare for and mitigate…