Cybersecurity

Cybersecurity: Keeping You Informed


Konica Minolta Healthcare Americas is committed to providing exceptional healthcare solutions to our customers by deploying cutting-edge software, systems, and services. We know that our customers depend on us, now more than ever, as we face not only a pandemic but also persistent cybersecurity threats in healthcare.

We are continuously vigilant and take cybersecurity seriously, understanding that surfacing these risks is the responsibility of all of us. This site is developed as a resource for our customers to share information relevant to securing patient data in your operations.

A Message for our Customers

As the Covered Entity, your company has the responsibility to protect its PACS system (Exa server) and all interconnecting networks that house PHI data. Please ensure that your organization has the appropriate physical security and cybersecurity deployed to safeguard your PHI data from breach or ransomware. These measures should be aligned to your organization's risk acceptance and privacy rule standards, under the HIPAA regulatory requirements, from the Department of Health and Human Services (“HHS”).

These safeguards include, but are not limited to:

  1. Reasonable perimeter security (area access restrictions).
  2. Appropriate network segmentation.
  3. Multiple firewalls and routers.
  4. Data encryption at every point where PHI is handled, both “at rest” and “in transit”.
  5. Appropriate endpoint protection: AV / malware protection and Endpoint Detection and Response (EDR).
  6. An appropriate Disaster Recovery and Business Continuity (DRBC) plan that is tested regularly to ensure it will work properly in the event of a ransomware attack or system failure.

At no time should you have port 104 (or any other port) open directly to the internet without a robust and up-to-date VPN that uses AES-256 data encryption.


Current CVEs

Current Common Vulnerabilities and Exposures (CVE) Information and Investigations for Konica Minolta Products

  • December 13, 2021

    Apache Log4j (CVE-2021-44228) – Apache Software Library Vulnerability

    KMHA is aware of the vulnerability CVE-2021-44228 that affects the Apache Log4j* software library. If exploited, this vulnerability allows remote code execution on vulnerable systems. Information on CVE-2021-44228 can be found here: https://www.cisa.gov/uscert/ncas/current-activity/2021/12/13/cisa-creates-webpage-apache-log4j-vulnerability-cve-2021-44228

    KMHA is actively assessing products that may utilize Apache Log4j to determine possible impact. Additional information will be available upon completion of analysis and testing. Our preliminary investigation has identified that most products are not impacted. We ask customers to please follow up with any third-party software vendors or integrators in their environment to determine whether those products are affected.

    Note: This is a global issue, and we ask that each customer also evaluate their exposure with all third-party software products in their environment. Customers should follow the appropriate guidance measures and technical bulletins published.

    Please contact the Call Center at 1 (800) 945-0456 to inquire about this vulnerability and any impact to your Konica Minolta System.

    * This vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects. NIST National Vulnerability Database

    Download the Technical Brief

     

    U.S. Cybersecurity & Infrastructure Security Agency (CISA) Website Link

Archive of all KMHA-related CVEs

Cybersecurity Related Alerts, News & Updates

Weekly summaries of new vulnerabilities along with patch information from CISA & US-CERT

For all CISA mailing lists and feeds see their website.


Security & Privacy Environments

  • February 1, 2021

    HIPAA Fundamentals – An introduction to the fundamentals of HIPAA compliance.

    ecFirst Download File
  • February 1, 2021

    HIPAA Covered Entities – An Infographic

    ecFirst Download File
  • February 1, 2021

    HIPAA Business Associate — An Infographic

    ecFirst Download File
  • February 1, 2021

    HIPAA Security Rule Crosswalk to NIST Cybersecurity Framework

    U.S. Department of Health & Human Services Download File
  • May 3, 2020

    Summary of the HIPAA Privacy Rule – Who is covered? What information is protected? How protected health information can be used and disclosed?

    U.S. Department of Health & Human Services Download File

Cybersecurity Education & Training

  • April 11, 2021

    CISA Security Tip (ST19-001) — Protecting Against Ransomware

    U.S. Cybersecurity & Infrastructure Security Agency Website Link
  • February 1, 2021

    Ransomware: Fast Facts – An Infographic

    ecFirst Download File
  • February 1, 2021

    Ransomware Guidance from U.S. Department of Health & Human Services

    U.S. Department of Health & Human Services Website Link
  • February 1, 2021

    Quick-Response Checklist from the HHS, Office for Civil Rights (OCR)

    U.S. Department of Health & Human Services Download File
  • June 7, 2011

    Cyber Attack Quick Response

    U.S. Department of Health & Human Services Download File

Best Practices

  • February 23, 2021
    ACR Bulletin: Recovery Mode

    Cyber attacks have ramped up in recent years, and radiology practices must be prepared to respond decisively to potential breaches.

    American College of Radiology Website Link
  • June 27, 2019
    ACR Bulletin: Under Attack

    Radiologists must make cyber security a priority to protect their businesses and patient data.

    American College of Radiology Website Link

    ©2014 Konica Minolta Healthcare Americas, Inc.