Healthcare Organizations Warned About Two Major Computer Processor Vulnerabilities
The National Health Information Sharing and Analysis Center (NH-ISAC) has issued a warning to the industry regarding two new cybersecurity vulnerabilities impacting processors in nearly every computer and mobile device.
The two vulnerabilities, known as Meltdown and Spectre, were revealed by cybersecurity researchers earlier this week, prompting technology companies like Microsoft, Google, Intel and Apple to release patches. In a blog post on Wednesday, Jann Horn with Google’s Project Zero, said he and other researchers reported the vulnerability to manufacturers in June.
According to researchers, the vulnerabilities “allow programs to steal data which is currently processed on the computer” including information stored in the computer’s memory.
“This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents,” they wrote.
For the healthcare industry, “the perception of this vulnerability will be greater than the actual impact of the potential compromise,” an alert (PDF) from NH-ISAC’s Threat Intelligence Committee warned. The larger impact involves depleted processor performance ranging from 5% to 40%.
“Healthcare organizations will be asked to deploy the patch without understanding the actual risk and the business impact of degradation of service,” the alert stated.
NH-ISAC recommended healthcare organizations analyze IT asset inventory to determine which machines are potential targets, list applications dependent on fast throughput that could be at risk if performance degradation is higher than 20% and test patches in a lab environment to determine the actual impact.
The organization also noted that while the possibility of an enterprise exploit “is not high at this time,” cloud vendors could be impacted if left unpatched. The notice said AWS began patching in mid-December and have been aware of the voluntarily for at least a month.
- 1. CMS Changes Name of EHR Incentive Programs and Advancing Care Information to “Promoting Interoperability”
- 2. The Top 5 Benefits of Staying Independent as a Physician
- 3. Long Island Provider Exposes Data of 42,000 Patients in Misconfigured Database
- 4. CMS to Fund $30 Million in Grants for New Quality Measures
- 5. Chronic Care Management Program Saving Money, Improving Care
Affordable Care Act (ACA)
chronic care management
Doctors Administrative Solutions
electronic health records
Health Information Exchange (HIE)
quality payment program