The Cybersecurity and Infrastructure Security Agency (CISA) identified 14 newly discovered cyber vulnerabilities affecting various companies and technologies in May. These vulnerabilities, which include Baxter, Microsoft, Google/Android, Apple, Mozilla, Cisco, SAP, Adobe, Fortinet and Atlassian, affect the health care sector. The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) has urged healthcare providers to address these vulnerabilities immediately. Additionally, HC3 issued an advisory recommending that systems be updated following the discovery of a critical remote code execution vulnerability in PHP. Snowflake users have also been advised to implement mitigation efforts after an increase in cyber threats targeting certain customer accounts was detected by the platform.
John Riggi, the AHA national advisor for cybersecurity and risk, emphasized that the continuous identification of significant vulnerabilities in third-party technology impacting health care providers highlights that the primary source of cyber risk for hospitals and health systems is externally derived. Riggi stressed the importance of technology and software developers following the principles of ‘secure by design and secure by default’ in order to truly secure the health care field. He also emphasized the need for third-party providers to implement voluntary healthcare cybersecurity performance goals to enhance security measures.
For more information on cybersecurity and risk issues or to contact John Riggi at jriggi@aha.org for further guidance on security measures for hospitals and health systems. Additionally, individuals can visit aha.org/cybersecurity to access the latest resources and threat intelligence related to cyber security risks in healthcare industry.
