Healthcare Sector Urged to Address OpenSSL Flaws

November 9, 2022 Ben Denkers

Healthcare organizations should be ready to find and patch instances of OpenSSL 3.0, warn cybersecurity experts.

The open source project behind the secure communications application released Tuesday a patch for two vulnerabilities it rated as high risk after setting much of the cybersecurity world on fire when a week ago it said one of the bugs posed "critical" levels of risk.

The last time the OpenSSL Project released a critical path was Heartbleed (see: Not Heartbleed: OpenSSL Vulnerability Not 'Critical' Anymore).

The Department of Health and Human Services' Health Sector Cybersecurity Coordination Center warned the healthcare sector ahead of today's patch to be on the lookout for it. OpenSSL says none of the vulnerabilities appear to have been exploited in the wild.

Ben Denkers, chief innovation officer at security and privacy consultancy firm CynergisTek, part of Clearwater, says an organization's ability to patch the vulnerabilities is a larger measure of its maturity. "These vulnerabilities really test the organization’s capabilities in terms of understanding what their potential exposure is. The better an organization is at keeping an updated Configuration Management Database, the easier it becomes to identify."

Most organizations struggle with their ability to keep an updated configuration management database, he adds.

Keep reading here

About the Author

Ben Denkers

Ben Denkers is the CIO at CynergisTek where he is responsible for supporting growth, ensuring effective and efficient service delivery, and achieving the highest levels of client and employee satisfaction for CynergisTek’s security, privacy and compliance services. Denkers has nearly 20 years of experience in information security and consulting that includes markets such as finance, automotive, energy, manufacturing, and healthcare. With the threat landscape changing daily, this breadth of experience provides a unique perspective to the industry specific risks organizations face. He has been recognized for building, training, and optimizing team productivity. His strong focus on providing the operating framework, training, and development, and decisive leadership has empowered his teams to achieve tremendous success and drive business growth.

Follow on Linkedin Visit Website More Content by Ben Denkers
Previous Article
A Cybersecurity CEO's Take on Mitigating Cyber Risk & Preparing for a Healthcare Ransomware Attack
A Cybersecurity CEO's Take on Mitigating Cyber Risk & Preparing for a Healthcare Ransomware Attack

Next Article
Cybersecurity Awareness Throughout the Technical Supply Chain
Cybersecurity Awareness Throughout the Technical Supply Chain

Healthcare security experts are offering their two cents on the technical supply chain as part of a cyberse...