Cybersecurity alert: Vulnerability in Cisco’s Emergency Responder communications platform

Editor's Note

Cisco has released an update that fixes a critical vulnerability in their Emergency Responder communications platform, a system used throughout the health sector, an October 6 HC3: Sector Alert from the Department of Health and Human Services (HHS) Office of Information Security reports. The HHS recommends that healthcare systems prioritize updating systems to fix this vulnerability.

• The vulnerability allows a cyber attacker to completely compromise a system, and launch cyberattacks across an enterprise network. 
• The vulnerable software–Cisco’s Emergency Responder (CER) communications platform–runs on top of Cisco’s Unified Communications Manager platform. 
• More than 200,000 customers and tens of millions of soft clients use the platform which includes Emergency Call Routing, Database Management, Location Tracking, and Alerts/Notifications. 
• HHS recommends healthcare organizations identify vulnerable systems in their infrastructure and prioritize the implementation of this update. 

A related October 4 security advisory notes that there are no workarounds and the software must be immediately updated in order for the vulnerability to be mitigated.