CISA has published “Reducing the Significant Risk of Known Exploited Vulnerabilities.” A binding operational directive is a compulsory direction to federal executive branch departments and agencies for purposes of safeguarding federal information and information systems.
Your practice is probably not a federal executive branch department or federal agency, so you are not required to follow the guidelines in this publication, but you should consider each of the steps outlined if they are feasible for your organization. I strongly recommend that you share this document with your IT vendor or the internal IT person in your practice for review.
This document discusses:
What is the difference between vulnerabilities listed in the National Vulnerability Database (NVD) and those in CISA’s catalog of Known Exploited Vulnerabilities (KEVs)?
Known exploited vulnerabilities (KEV) should be the top priority for remediation. Based on a study of historical vulnerability data dating back to 2019, less than 4% of all known vulnerabilities have been used by attackers in the wild.
Recent increases in teleworking have amplified these issues and made updating and securing remote and roaming devices more challenging. CISA has published a Capacity Enhancement Guide on Remote Patch and Vulnerability Management to help agencies better manage their remote devices.
The document goes on to provide additional guidance. Once again, this is binding on federal agencies, and although you are not required (at least by the directive) to follow all of the guidance in this document, it is important to remember that under HIPAA you must do everything that is reasonable to protect your data. Beginning next week, we will start publishing the Known Exploited Vulnerabilities as new ones are identified. We will also be adding a link on our website to the CISA resources.
Cybersecurity can be complex, and our goal is to provide you and your IT team with information and resources to protect your patient data.
For more information contact TLD Systems at
or (631) 403 6687