The Health Sector Cybersecurity Coordination Center, part of HHS, is urging healthcare organizations to patch cybersecurity vulnerabilities in the OpenSSL software library as soon as updates are released Nov. 1.
The center's alert did not say how the software library is vulnerable; however, it took the rare step of classifying the vulnerability as "critical." The vulnerability is limited to OpenSSL versions 3.0.0 through 3.0.6, according to the alert.
"This vulnerability is applicable across the public and private health sectors and the apparent egregious nature of the vulnerability, exploitation, even on a very large scale, is very possible immediately after patch release on Nov. 1," the alert said. "Threat actors, both state sponsored and cybercriminals, often reverse engineer a patch upon release to understand the technical details of the vulnerability and in order to develop an exploit."