Medical Web Experts Security Bulletin: January 2022

Pablo Bullian

Pablo Bullian

Posted on January 07, 2022

Illustration of a boy sittin on top of a computer with security shields floating.

A Look at 2021’s Most Dangerous Vulnerabilities Found in Windows

Patching is a complex task that most companies struggle with or overlook, but keeping systems, and therefore patches, updated is considered one of the most basic and necessary security measures. This article looks at the most dangerous of the 883 bugs that were patched by Microsoft in 2021. These patches can wreak havoc on companies that have not applied them yet, so it’s important to update software often. It’s also recommended to often review and refresh the software update policies and audit the processes linked to it.

Cloud Security Breaches in 2021

Another list of a series of breaches that occurred in 2021 to companies that rely on the cloud. This list reinforces Medical Web Expert’s stance that the cloud is not secure by default. Those who manage and configure cloud environments should take a deep dive into securing environments and keeping up with the latest security vulnerabilities found on those platforms.

One example, that unfortunately still happens today, are the leaks on S3 buckets or similar solutions from other vendors. Access management and audits should apply to every service on the cloud, as to not overlook common issues of sensitive information being exposed publicly.

Building Automated Systems Attacked by Hackers

A German company, Building Automated Systems, was attacked by hackers, who accessed the software that controls the lighting and power of one of its buildings. The hackers took control of 75% of the devices, locking down the system in a “physical” denial-of-service attack against the building. Fortunately, the automation manufacturer was able to revert the hack, but this is not the only case so far. As more and more companies rely on automated systems, they should also take into consideration the associated security aspects in order to protect the system against intruders.

Log4j Vulnerability Advisory

CISA and five other international security agencies released guidelines to mitigate the famous log4shell attack, of which millions of systems (and hardware devices that cannot be patched) are victims. The detailed guideline should be thoroughly reviewed in the case that your company relies on this module, or has some system that has log4j included in them. The original patch that was released during the first days of the attack was not able to mitigate the attack, and more vulnerabilities have been found since then.


Pablo Bullian

Pablo Bullian

Pablo, our Chief Information Security Officer, architected and manages Medical Web Expert’s HIPAA-compliant hosting infrastructure. He is a Certified Information Systems Security Professional (CISSP), Amazon Web Services (AWS) Certified Solutions Architect, and Cisco Certified Network Associate (CCNA). Pablo has an M.S. in Cybersecurity from the University of Buenos Aires and he’s passionate about all things related to cybersecurity and cloud hosting.

Related Posts

Illustration of a doctor and a patient standing on either side of an oversized mobile device looking at the patient's health information and application features that facilitate telehealth and in-person care.

Posted on December 22, 2021 by Jared Mauskopf

At the beginning of the Covid-19 pandemic, we experienced a major shift from in-person care to telehealth. Providers and enterprises across the healthcare industry quickly developed a telehealth solution that…Read more


Illustration of four people in a healthcare organization discuss ideas and the roadmap for their softare development project.

Posted on December 03, 2021 by Paul Galbraith

When embarking on a software development project, there are often many unknowns: How should legacy software integrate with new solutions? What compliance issues need to be solved? How can technologies…Read more


Newsletter
Subscribe to Our Newsletter

Get promotions and current business tips. Sign up for our newsletter today.