US healthcare organizations are being warned of cyber-attack risks linked to older flaws in Apache Tomcat, which hosts electronic health records and many other systems. The vulnerabilities are regularly exploited but often overlooked, creating ongoing risk. Known issues include remote code execution, denial of service, and insecure deserialization. The healthcare sector is heavily dependent on Apache Tomcat which means it has become a prime target for cybercriminals.
Dispersed responsibility, lack of asset inventory is causing gaps in medical device cybersecurity
Witnesses at a House hearing on medical device cybersecurity highlighted the need for better tracking of devices and their vulnerability to cyber threats. They noted
