Product Privacy and Cybersecurity
Partnering with our customers to deliver secure products and services
At Werfen, we understand that our customers face ever-changing challenges related to digitization of healthcare, mounting cyberthreats, cybersecurity guidance from regulatory authorities (e.g. FDA, TGA, Health Canada), as well as privacy requirements.
We are committed to continuously transforming our organization to address these product privacy and cybersecurity challenges and protect our systems against viruses or ransomware that could compromise our systems or patient data, and ultimately patient care. While cybersecurity is a shared responsibility between Werfen and our customers, we have developed the Product Privacy and Cybersecurity Action Program to help address its challenges.
Pillars of the Product Privacy and Cybersecurity Action Program include:
Institutionalize the functions related to privacy and cybersecurity
- Policy and Process
Establish standard policies and processes required in each functional area
- Product Design
Deploy mitigations for on-market products, implement privacy and security-by-design, and adapt to the changing landscape
- Customer Communication
Proactively summarize our approach to privacy and security, communicate critical vulnerabilities and mitigations, when appropriate
Additionally, by leveraging an Intelligent Threat Response approach, we track newly discovered vulnerabilities and address threats, as they emerge, with security updates. In the event of a security breach, our experts provide hands-on customer support to reduce further damage and restore secure system operation.
Our commitment to continuous adherence to this Action Program enables us to deliver products that support your efforts to protect patient data and your hospital from cyberthreats, to ensure that patient care is never interrupted or compromised—now and in the future.
To report a cybersecurity issue, email firstname.lastname@example.org
Werfen Product Cybersecurity Bulletin – Chrome, Chromium and Microsoft Edge (Jun. 13, 2022)
Werfen is aware of the CVE-2022-24475, CVE-2022-26891, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, and CVE-2022-26912 exploits affecting Chrome, Chromium, and MS Edge, and is assessing our products to determine impact, if any.
Werfen Product Cybersecurity Bulletin – MSDT/Follina (Jun. 9, 2022)
Werfen is aware of the CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability and is assessing our products to determine impact, if any.
Werfen Product Cybersecurity Bulletin – OpenSSL Notification (Apr. 4, 2022)
Werfen is aware of the CVE-2022-0778 OpenSSL security vulnerability and is assessing our products to determine impact, if any.
Werfen Product Cybersecurity Bulletin – Pwnkit Update (Mar. 4, 2022)
Werfen is aware of the CVE-2021-4034 Linux Pwnkit security vulnerability and has assessed our products to determine impact.
We have tested and verified that the products impacted by the security defect at this time are limited to:
For the above products, Werfen continues to dedicate efforts to release the applicable corrective and mitigation actions.
(Original Pwnkit notification: Feb. 2, 2022)
Werfen Product Cybersecurity Bulletin – Log4j Update (Feb. 27, 2022)
Werfen has been aware of the CVE-2021-44228 log4j security defect and has assessed our products to determine impact.
We tested and verified that the products impacted by the security defect were limited to: HemoHub Intelligent Data Manager, Modulab, QUANTA Link and QUANTA Lyser 4.2.x, and Anthema.
Werfen has worked on and released the applicable mitigations for these products. For questions regarding the patch download and installation process, please contact your local Werfen Services team.
(Original Log4j notification: Dec. 21, 2021)
Please work with your local Werfen Services team if you have any questions or concerns about any cybersecurity bulletins.