Insights
Health Care Client Alert: Dear New Year, Please Keep My Health Care Business from Breaches
on January 3, 2022
Happy New Year! As we begin a new start, you may have a long list of business resolutions since health care businesses are juggling many mission-critical issues—even sans patient care needs. Cybersecurity should always be a top priority. A health care business without its diagnostic, medical records and clinical tools is nearly unusable.
Last week, the Secretary of Health and Human Services published a letter to Health Care and Public Health Leaders notifying them of a technical vulnerability in Apache Log4j, a computer software that logs the activity of many medical devices and hardware. The vulnerability creates a risk for that system and ultimately the network on which that system/device resides to be exfiltrated or hacked by attackers, including with ransomware.
The letter outlines the following steps and strongly recommends that health care operators follow the Cybersecurity & Infrastructure Security Agency’s (CISA) guidance in identifying and addressing this risk.
- Implement the guidance provided by the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency’s (DHS CISA) for the Apache Log4j information, located at: Apache Log4j Vulnerability Guidance;
- Diligently monitor your networks, raise your cybersecurity awareness, and maintain readiness of your emergency operations procedures and continuity plans; and