ºÚÁÏÕýÄÜÁ¿

August Vulnerabilities of Interest to the Health Sector 

In August 2024, vulnerabilities to the health sector have been released that require attention. This includes the monthly Patch Tuesday vulnerabilities released by several vendors on the second Tuesday of each month, along with mitigation steps and patches. Vulnerabilities for August are from Microsoft, Google/Android, Apple, Mozilla, Cisco, SAP, Adobe, Fortinet, Ivanti and Atlassian. A vulnerability is given the classification of a zero-day when it is actively exploited with no fix available, or if it is publicly disclosed. HC3 recommends patching all vulnerabilities with special consideration to the risk management posture of the organization. 

Importance to the HPH Sector 

Department Of Homeland Security/Cybersecurity & Infrastructure Security Agency 
The Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) added a total of nineteen vulnerabilities in August to their . 

This effort is driven by , which established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the U.S. federal enterprise. 

Vulnerabilities that are entered into this catalog are required to be patched by their associated deadline by all U.S. executive agencies. While these requirements do not extend to the private sector, HC3 recommends all healthcare entities review the vulnerabilities in this catalog and consider prioritizing them as part of their risk mitigation plan. The full database can be found .