The Health Sector Cybersecurity Coordination Center (HC3) of the Department of Health and Human Services has advised the health care industry to promptly address 14 new cyber vulnerabilities identified by the Cybersecurity and Infrastructure Security Agency in May. These vulnerabilities affect various companies including Baxter Welch Allyn, Microsoft, Google/Android, Apple, Mozilla, Cisco, SAP, Adobe, Fortinet, and Atlassian. Additionally, HC3 recommended system updates following the disclosure of a critical remote code execution vulnerability in Hypertext Preprocessor (PHP). Furthermore, mitigation efforts are being suggested for Snowflake users after an increase in cyber threats targeting certain customer accounts on the platform.
According to John Riggi, AHA national advisor for cybersecurity and risk, the ongoing parade of significant vulnerabilities in third-party technology is posing a significant threat to health care providers. He emphasized that the primary cyber risk faced by hospitals and health systems is externally derived rather than internal. Riggi stressed the importance of technology and software developers following the principles of ‘secure by design and secure by default’ in order to secure the health care field. He also called on third-party providers to implement the voluntary healthcare cybersecurity performance goals to enhance security in the sector.
To learn more about cyber and risk issues or access the latest resources and threat intelligence, individuals can contact John Riggi at jriggi@aha.org or visit aha.org/cybersecurity.
