Agencies issue memory safe programming guidance, spear-phishing update

In new guidance for software manufacturers, cybersecurity agencies in the US and United Kingdom urge every software manufacturer to implement memory safe programming languages ​​(MSLs) and publish a roadmap that details how they will eliminate MSL vulnerabilities in their products.

In other news, the agencies recently recommended actions to defend against Star Blizzard, a Russia-based threat that continues to target organizations and individuals with spear-phishing campaigns.

John Riggi, AHA’s national advisor for cybersecurity and risk, said the MSL resource “will help organizations to design technology that incorporates the cybersecurity principles of ‘secure by design, secure by default.’ This is important for health care, as a significant portion of cyber risk we are exposed to originates from third-party technology that contains an unacceptable level of technical vulnerabilities. The Star Blizzard alert highlights the collusion that often occurs between Russian intelligence services and Russia-based cyber criminal groups, making these threats very formidable to defend against by an individual hospital and health system. This threat also highlights the need for health care to continue to exchange cyber threat information with the federal government to enable their cyber offensive operations to disrupt these threats.”

For more information on this or other cyber and risk issues, contact Riggi at [email protected]. For the latest cyber and risk resources and threat intelligence, visit aha.org/cybersecurity.