Product Privacy and Cybersecurity
Partnering with our customers to deliver secure products and services
At Werfen, we understand that our customers face ever-changing challenges related to digitization of healthcare, mounting cyberthreats, cybersecurity guidance from regulatory authorities (e.g. FDA, TGA, Health Canada, etc), as well as privacy requirements.
We are committed to continuously transforming our organization to address these product privacy and cybersecurity challenges and protect our systems against viruses or ransomware that could compromise our systems or patient data, and ultimately patient care.
While cybersecurity is a shared responsibility between Werfen and our customers, we have developed the Product Privacy and Cybersecurity Action Program to help address its challenges.
Pillars of the Product Privacy and Cybersecurity Action Program include:
Institutionalize the functions related to privacy and cybersecurity
2. Policy and Process
Establish standard policies and processes required in each functional area
3. Product Design
Deploy mitigations for on-market products, implement privacy and security by design, and adapt to the changing landscape
4. Customer Communication
Proactively summarize our approach to privacy and security, communicate critical vulnerabilities and mitigations when appropriate
Additionally, by leveraging an Intelligent Threat Response approach, we track newly discovered vulnerabilities and address threats as they emerge with security updates. In the event of a security breach, our experts provide hands-on customer support to reduce further damage and restore secure system operation.
Our commitment to continuous adherence to this Action Program enables us to deliver products that support your efforts to protect your patient data and your hospital from cyberthreats, to ensure that patient care is never interrupted or compromised—now and in the future.
To report a cybersecurity issues, email firstname.lastname@example.org.
Werfen Product Cybersecurity Bulletin
Werfen is aware of the CVE-2021-44228 log4j security defect and has assessed our products to determine impact.
We have tested and verified that the products impacted by the security defect at this time are limited to: HemoHub Intelligent Data Manager, Modulab, QUANTA Link and QUANTA Lyser 4.2.x, and Anthema. For these products, we continue to dedicate effort to applying relevant mitigation actions.
For questions or concerns, please contact your local Werfen Service representative.