- Baxter joins government sponsored Common Vulnerabilities and Exposures (CVE®) program as a CVE Numbering Authority
- Program identifies, defines and catalogs publicly disclosed cybersecurity vulnerabilities to help enable more rapid identification and resolution
Baxter International Inc. (NYSE:BAX), a leading global medtech leader, announced that it has received authorization from the Common Vulnerability and Exposures (CVE®) program to be a CVE Numbering Authority. As a CVE Numbering Authority (CNA), Baxter is responsible for the assignment of CVE identifiers to cyber vulnerabilities for Baxter and Hillrom commercially available products, and for publicly disclosing information about the vulnerabilities in the associated CVE Record. The CVE program is sponsored by the Cybersecurity and Infrastructure Security Agency (CISA), which is part of the U.S. Department of Homeland Security and aims to enable the rapid identification and resolution of cybersecurity issues.
“We remain vigilant in working to protect Baxter devices from cybersecurity threats,” said Talvis Love, senior vice president and chief information officer at Baxter. “Our designation as a CVE Numbering Authority is an extension of these efforts to strengthen cybersecurity across our network and portfolio.”
Cyberattacks against healthcare organizations have risen 45% since Nov. 1, 2020 as compared to a 22% increase in cyberattacks for other industries during the same time period. Cyberattacks are also increasingly growing in sophistication, intensifying the risk to healthcare systems and patients.
A centralized system and process for cataloging cybersecurity vulnerabilities helps stakeholders like device manufacturers, hospital systems and IT teams to more rapidly discover and correlate information used to protect systems against attacks. Technology and cybersecurity professionals use CVE Records to ensure they are discussing the same issue, and to coordinate their efforts to prioritize and address the vulnerabilities. Using standardized and publicly disclosed CVE records can result in significant time and cost savings.
“Our contributions as a CVE Numbering Authority will help support the faster identification, remediation and resolution of potential cybersecurity vulnerabilities and allow hospitals and clinics to continue focusing on providing the highest level of care to patients,” said Love.