Mary Madison, RN, RAC-CT, CDP
Clinical Consultant – Briggs Healthcare
Xavier Becerra, Secretary of the U.S. Department of Health and Human Services issued this letter on December 30, 2021:
Health Care and Public Health Leaders:
Ensuring the safety and security of the nation’s critical health infrastructure is a top priority for the U.S. Department of Health and Human Services (HHS), particularly as we continue to respond to the COVID-19 pandemic.
I am writing to remind you that during the holidays we often see an uptick in cyberattacks and to ask for your help in remaining vigilant against these threats. Additionally, recently, cybersecurity experts identified a vulnerability within Apache Log4j, a ubiquitous piece of software that exists in thousands of applications – including control systems for medical devices and hardware – that, if exploited, could result in data exfiltration or ransomware and significantly disrupt your ability to deliver health care and pose a threat to national security.
As a result, I strongly encourage you to:
- Implement the guidance of the Department of Homeland Security Cybersecurity and Infrastructure Security Agency’s (DHS CISA) for the Apache Log4j information, located at: Apache Log4j Vulnerability Guidance;
- Review cybersecurity resources from HHS and the Cybersecurity & Infrastructure Security Agency (CISA);
- Diligently monitor your networks, raise your cybersecurity awareness, and maintain readiness of your emergency operations procedures and continuity plans; and
- Promptly report any cybersecurity incidents to email@example.com (CISA) or the https://www.ic3.gov/ (FBI).
As health care and public health leaders, we rely on your vigilance and partnership to protect our country from nefarious actors looking to disrupt or exploit our critical health infrastructure. Thank you for your ongoing partnership and for whatever steps you can take to stay vigilant during this holiday season.
If you have any questions or need assistance, please contact the firstname.lastname@example.org (HHS Critical Infrastructure Division).