PTC Axeda agent and Axeda Desktop Server, ICSA-22-067-01 - March 15, 2022

Hologic is monitoring the latest security vulnerability ICSA-22-067-01, impacting the PTC Axeda agent and Axeda Desktop Server.

The identified vulnerability affects all Hologic product systems that have Hologic Connect™ installed. We believe the risk to our products is low, as these products are not internet facing.

Immediate mitigation strategies include removing the Axeda agent service, the Axeda Desktop Server service and deleting the associated vulnerable files from our systems. Detailed instructions for performing the recommended mitigation can be found in CTB-01038.

Hologic is already in the process of transitioning its products away from the PTC Axeda products in favor of Unifi™ Connect, a more secure remote access platform, which Hologic will be prioritizing for all customers to minimize any impacts to product servicing.

Apache Log4J Security Vulnerability - December 16, 2021

Hologic is closely monitoring the situation known as Log4Shell, impacting Apache Log4J as part of CVE-2021-44228. This is a serious vulnerability affecting systems across the world, has remote execution potential, low skill requirements for exploit, and has received a rating of critical (10). Log4J is a popular open-source logging framework for Java applications.

Currently, versions 2.0 to 2.14 of Log4J are deemed to be at risk by researchers. Versions 1.x of Log4J are not deemed at risk at this time. Apache has released an update for Log4J, first v2.15 and then v2.16, to address this vulnerability. For more information, please visit the Apache logging services log4j security page https://logging.apache.org/log4j/2.x/security.html.

Hologic will update this guidance for Breast & Skeletal Health products as more information is obtained. If you require any assistance with our products, please contact Hologic Support.

Impacted Products and recommendation:

•  Advanced Workflow Manager (AWM)

  While the Hologic software itself does not utilize Java/Log4J, the installed APC PowerChute UPS with Business Edition v9.5 software installed may. APC is still assessing its PowerChute software to determine if it is vulnerable. 

  Out of an abundance of caution, Hologic recommends uninstalling the APC PowerChute software until APC provides further guidance, which Hologic is monitoring at https://www.se.com/ww/en/work/support/cybersecurity/security-notifications.jsp
   

•  Unifi Workspace

  While the Hologic software itself does not utilize Java/Log4J, the optionally installed APC PowerChute UPS with Business Edition v9.5 software installed may. APC is still assessing its PowerChute software to determine if it is vulnerable.

  Out of an abundance of caution, Hologic recommends uninstalling the APC PowerChute software until APC provides further guidance, which Hologic is monitoring at https://www.se.com/ww/en/work/support/cybersecurity/security-notifications.jsp
   

• Faxitron CT Specimen Radiography System

  While the Hologic software itself does not utilize Java/Log4J, there is a utility program installed that may utilize Java and Log4J. This utility program does not run on startup and is not required for system operation. Please contact Hologic Service for assistance in removing this program.

Products with no detected impact:

• Dimensions / 3Dimensions Mammography System
• Affirm Prone Biopsy System
• Brevera Breast Biopsy System
• Trident HD Specimen Radiography System
• SecurView DX/RT Workstation and Manager
• Cenova Image Analytics Server (CAD)
• SecurXChange Router    
• Rosetta DC Tomosynthesis Data Converter
• Faxitron Specimen Radiography Systems
• Horizon DXA Bone Densitometer
• Discovery Bone Densitometer
• Fluoroscan Insight Mini C-Arm
• SuperSonic Imagine Ultrasound Products (Aixplorer & Aixplorer Mach)
• Windows Selenia Mammography System

Ransomware Activity Targeting the Healthcare and Public Health Sector - October 30, 2020

Hologic is closely monitoring the situation of malware/ransomware named Ryuk, Conti, and others targeting the healthcare and public health sector. The most common method of ransomware distribution is through spam or phishing emails. 

Hologic Breast and Skeletal products do not contain email clients and are significantly hardened to limit exploitation from this and other malware by disabling many of the services that malware can use to propagate across a network.

We recommend all customers to continue following cybersecurity best practices, including the use of firewalls, restricting external internet access, running updated anti-virus software, and keeping validated security patches up to date. 

For more information, please visit https://us-cert.cisa.gov/ncas/alerts/aa20-302a