Medical Web Experts Security Bulletin: February 2022

Pablo Bullian

Pablo Bullian

Posted on February 16, 2022

Graphic of a large laptop with a shield and padlock in front of it. Smaller images of people on the left and right side of the labtop interact with various mobile devices.

Welcome back to the Medical Web Experts Security Bulletin. Below are some recent developments that may impact your organization, as well as our recommendations for keeping your systems secure.

Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure

The Cybersecurity & Infrastructure Security Agency (CISA) released an advisory this month to federal government officials, alerting them to be prepared for a wave of cyberattacks by Russian-backed hacker groups. CISA describes a series of popular exploited vulnerabilities that can be used to gain access to government or corporate networks. We recommend that you review the advisory and ensure that all of your software is up-to-date.

Another iPhone Zero-Day Vulnerability Is Exploited to Install Spyware

A cybersecurity company from Israel used a zero-day vulnerability (a vulnerability not reported to the manufacturer and with no patch) in iPhones to sell spyware capabilities to their clients. Like the NSO group that gave birth to Pegasus spyware, another company in Israel is now trying to do the same, even after all of the bad press the NSO got for selling these products to dubious regimes around the world.

Zero-day vulnerabilities are difficult to mitigate, as there is no known patch for them. However, trying to apply security measures by layers, for example, by encrypting communications securely when using mobile devices, can help to avoid a complete compromise on the device.

US Government Creates a Cybersecurity Review Board to Learn from Attacks

The Biden administration has formed a Cyber Safety Review Board within the Department of Homeland Security tasked with examining and learning from previous cybersecurity failures. The board will function under the NSA and will focus on the latest Log4J vulnerability that has affected many web services and software in the past months. This is a great exercise for gaining and applying previous knowledge to future cybersecurity incidents that may arise.

US Government Releases Memo on “Moving the U.S. Government Toward Zero Trust Cybersecurity Principles”

The Executive Office of the President released a memo to prepare all branches of the government to adopt zero trust cybersecurity principles. To understand what this means, a key tenet of zero trust architecture is that no network is implicitly considered trusted. Several commercial services are trying to offer approaches to zero-trust to private companies also, like BeyondCorp from google.

The memo also underlines the importance of encrypting communications both outside and inside the organization, addressing some of today’s challenges such as secure DNS or encrypting email, a service that was created in the 70’s and is still difficult to protect. CISA will work on evaluating new standards for the aforementioned services.


Pablo Bullian

Pablo Bullian

Pablo, our Chief Information Security Officer, architected and manages Medical Web Expert’s HIPAA-compliant hosting infrastructure. He is a Certified Information Systems Security Professional (CISSP), Amazon Web Services (AWS) Certified Solutions Architect, and Cisco Certified Network Associate (CCNA). Pablo has an M.S. in Cybersecurity from the University of Buenos Aires and he’s passionate about all things related to cybersecurity and cloud hosting.

Related Posts

Illustration of a boy sittin on top of a computer with security shields floating.

Posted on January 07, 2022 by Pablo Bullian

A Look at 2021’s Most Dangerous Vulnerabilities Found in Windows Patching is a complex task that most companies struggle with or overlook, but keeping systems, and therefore patches, updated is…Read more


Illustration of a doctor and a patient standing on either side of an oversized mobile device looking at the patient's health information and application features that facilitate telehealth and in-person care.

Posted on December 22, 2021 by Jared Mauskopf

At the beginning of the Covid-19 pandemic, we experienced a major shift from in-person care to telehealth. Providers and enterprises across the healthcare industry quickly developed a telehealth solution that…Read more