Breast & Skeletal Products Cybersecurity

The values of patient safety and integrity long associated with women’s health and well-being through early detection and treatment require a strong focus on cybersecurity to protect the promises inherent in an interconnected, data-driven healthcare model. At Hologic, we engineer and deliver products and solutions that improve the lives of women across the globe. Our goal is to ensure our products and solutions meet the highest security standards and that commitment governs how we approach cybersecurity across our business.

Validated Microsoft Monthly Critical Patch Releases

Patches validated for installation on Hologic Breast and Skeletal Health systems

MDS2 Forms

Manufacturer Disclosure Statement for Medical Device Security (MDS2) forms for Hologic Breast and Skeletal Health systems

Cybersecurity Reports and Best Practices

Corporate and product-specific cybersecurity reports and best practices documentation for Hologic Breast and Skeletal Health systems

Antivirus Installation and Configuration Guides

Information for installing and configuring antivirus software on Hologic Breast and Skeletal Health systems

Security Advisories

PTC Axeda agent and Axeda Desktop Server, ICSA-22-067-01 - March 15, 2022

Hologic is monitoring the latest security vulnerability ICSA-22-067-01, impacting the PTC Axeda agent and Axeda Desktop Server.

The identified vulnerability affects all Hologic product systems that have Hologic Connect™ installed. We believe the risk to our products is low, as these products are not internet facing.

Immediate mitigation strategies include removing the Axeda agent service, the Axeda Desktop Server service and deleting the associated vulnerable files from our systems. Detailed instructions for performing the recommended mitigation can be found in CTB-01038.

Hologic is already in the process of transitioning its products away from the PTC Axeda products in favor of Unifi™ Connect, a more secure remote access platform, which Hologic will be prioritizing for all customers to minimize any impacts to product servicing.

Apache Log4J Security Vulnerability - December 16, 2021

Hologic is closely monitoring the situation known as Log4Shell, impacting Apache Log4J and tracked as CVE-2021-44228. This is a serious vulnerability affecting systems across the world: it has remote code execution potential, requires little skill to exploit, and has received a rating of critical (10). Log4J is a popular open-source logging framework for Java applications.

Currently, versions 2.0 to 2.14 of Log4J are deemed to be at risk by researchers. Versions 1.x of Log4J are not deemed at risk at this time. Apache has released an update for Log4J, first v2.15 and then v2.16, to address this vulnerability. For more information, please visit the Apache logging services log4j security page https://logging.apache.org/log4j/2.x/security.html.
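The version ranges above are the practical test a defender applies when inventorying a system. The following script is an added example, not Hologic's code or an Apache tool: it walks a directory tree, finds Log4J jars, reads each jar's own manifest so renamed copies are still caught, and classifies every hit against the statement above (1.x not at risk, 2.0 to 2.14 at risk, 2.15 and later patched). It assumes the standard Maven artifact names (log4j-1.x.jar, log4j-core-2.x.jar) and the OSGi bundle name org.apache.logging.log4j.core that log4j-core 2.x jars carry in META-INF/MANIFEST.MF; the jars it builds in demo() are constructed stand-ins containing only a manifest.

```python
import os
import re
import sys
import zipfile
import tempfile

# Risk statement as given in the advisory: Log4J 2.0-2.14 at risk, 1.x not at risk,
# 2.15 and 2.16 released by Apache to address CVE-2021-44228.
# File-name pattern for log4j 1.x and log4j-core 2.x artifacts (assumption: standard Maven names).
JAR_NAME_RE = re.compile(r"^log4j(?:-core)?-(\d+(?:\.\d+)*)(?:[-.].*)?\.jar$", re.IGNORECASE)
# OSGi bundle name found in log4j-core 2.x manifests; used to catch renamed copies (assumption).
LOG4J2_CORE_BSN = "org.apache.logging.log4j.core"


def parse_version(text):
    """Turn '2.14.1' into (2, 14, 1); stops at the first non-numeric component."""
    parts = []
    for piece in text.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def classify(version):
    """Map a Log4J version tuple onto the advisory's risk statement."""
    if not version:
        return "unknown"
    major = version[0]
    minor = version[1] if len(version) > 1 else 0
    if major == 1:
        return "not-at-risk"   # 1.x not deemed at risk
    if major == 2 and minor <= 14:
        return "at-risk"       # 2.0 through 2.14
    if major == 2 and minor >= 15:
        return "patched"       # 2.15, 2.16 and later
    return "unknown"


def read_manifest(jar_path):
    """Return META-INF/MANIFEST.MF main attributes as a dict with lower-cased keys ({} on failure)."""
    try:
        with zipfile.ZipFile(jar_path) as zf:
            data = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except (zipfile.BadZipFile, KeyError, OSError):
        return {}
    entries = {}
    for line in data.splitlines():
        if ":" in line and not line.startswith(" "):   # continuation lines start with a space
            key, value = line.split(":", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def scan(root):
    """Walk root and return [(path, version_string, classification)] for every Log4J jar found."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".jar"):
                continue
            path = os.path.join(dirpath, name)
            m = JAR_NAME_RE.match(name)
            manifest = read_manifest(path)
            renamed_core = manifest.get("bundle-symbolicname", "").startswith(LOG4J2_CORE_BSN)
            if not (m or renamed_core):
                continue
            # Prefer the version the jar declares about itself over the one in its file name.
            version = manifest.get("implementation-version") or (m.group(1) if m else "")
            findings.append((path, version, classify(parse_version(version))))
    return findings


def make_jar(path, version, bundle_name=LOG4J2_CORE_BSN):
    """Constructed sample: a zip holding only a manifest, standing in for a real jar."""
    manifest = ("Manifest-Version: 1.0\r\n"
                f"Bundle-SymbolicName: {bundle_name}\r\n"
                f"Implementation-Version: {version}\r\n\r\n")
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", manifest)


def demo():
    """Build a constructed tree of sample jars, scan it, and return {classification: count}."""
    root = tempfile.mkdtemp(prefix="log4j-scan-")
    lib = os.path.join(root, "app", "lib")
    os.makedirs(lib)
    make_jar(os.path.join(lib, "log4j-core-2.14.1.jar"), "2.14.1")          # at risk
    make_jar(os.path.join(lib, "log4j-core-2.16.0.jar"), "2.16.0")          # patched
    make_jar(os.path.join(root, "app", "log4j-1.2.17.jar"), "1.2.17", "log4j")  # 1.x
    make_jar(os.path.join(root, "vendor-bundle.jar"), "2.13.3")             # renamed log4j-core
    counts = {}
    for _, _, cls in scan(root):
        counts[cls] = counts.get(cls, 0) + 1
    return counts   # {'at-risk': 2, 'patched': 1, 'not-at-risk': 1}


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else None
    if target:
        for path, version, cls in scan(target):
            print(f"{cls:12} {version:10} {path}")
    else:
        print(demo())
```

Run it with a directory argument to inventory a real tree, or without one to scan the constructed sample. The scan only reports; the mitigation on this page is removing the affected third-party software, so treat an "at-risk" hit as a reason to consult the relevant vendor guidance rather than as a fix in itself.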

Hologic will update this guidance for Breast & Skeletal Health products as more information is obtained. If you require any assistance with our products, please contact Hologic Support.

Impacted products and recommendations:

  •  Advanced Workflow Manager (AWM)

    While the Hologic software itself does not utilize Java/Log4J, the installed APC PowerChute Business Edition v9.5 UPS software may. APC is still assessing its PowerChute software to determine if it is vulnerable.

    Out of an abundance of caution, Hologic recommends uninstalling the APC PowerChute software until APC provides further guidance, which Hologic is monitoring at https://www.se.com/ww/en/work/support/cybersecurity/security-notifications.jsp
  •  Unifi Workspace

    While the Hologic software itself does not utilize Java/Log4J, the optionally installed APC PowerChute Business Edition v9.5 UPS software may. APC is still assessing its PowerChute software to determine if it is vulnerable.

    Out of an abundance of caution, Hologic recommends uninstalling the APC PowerChute software until APC provides further guidance, which Hologic is monitoring at https://www.se.com/ww/en/work/support/cybersecurity/security-notifications.jsp

    For the above-mentioned Advanced Workflow Manager and Unifi Workspace products, Hologic has released CTB-00996 to provide Hologic customers, field engineers, and technical support engineers with instructions for removing affected versions of APC PowerChute™ software as a means of mitigating potential risk from the Log4J vulnerability. Download: CTB-00996 Log4J Vulnerability Risk Mitigation
  • Faxitron CT Specimen Radiography System

    While the Hologic software itself does not utilize Java/Log4J, there is a utility program installed that may utilize Java and Log4J. This utility program does not run on startup and is not required for system operation. Please contact Hologic Service for assistance in removing this program.

Products with no detected impact:

  • Dimensions / 3Dimensions Mammography System
  • Affirm Prone Biopsy System
  • Brevera Breast Biopsy System
  • Trident HD Specimen Radiography System
  • SecurView DX/RT Workstation and Manager
  • Cenova Image Analytics Server (CAD)
  • SecurXChange Router
  • Rosetta DC Tomosynthesis Data Converter
  • Faxitron Specimen Radiography Systems
  • Horizon DXA Bone Densitometer
  • Discovery Bone Densitometer
  • Fluoroscan Insight Mini C-Arm
  • SuperSonic Imagine Ultrasound Products (Aixplorer & Aixplorer Mach)
  • Windows Selenia Mammography System

Ransomware Activity Targeting the Healthcare and Public Health Sector - October 30, 2020

Hologic is closely monitoring malware/ransomware activity, including Ryuk, Conti, and others, targeting the healthcare and public health sector. The most common method of ransomware distribution is through spam or phishing emails.

Hologic Breast and Skeletal products do not contain email clients and are significantly hardened to limit exploitation from this and other malware by disabling many of the services that malware can use to propagate across a network.

We recommend that all customers continue following cybersecurity best practices, including the use of firewalls, restricting external internet access, running updated anti-virus software, and keeping validated security patches up to date.

For more information, please visit https://us-cert.cisa.gov/ncas/alerts/aa20-302a