Once a security update is in status released, the simple thing to do is apply updates, apt update && apt upgrade
Consider implementing some kind of patch management report to confirm all hosts are updated and compliant. These range from simple scripts to products you might buy.
So, how would I know that this is truely 1.1.1n?
Ubuntu's fix for CVE-2022-0778 is not 1.1.1n. Like other stable distributions, they have a habit of backporting only the specific fix to their chosen version. Read the table again, and notice that bionic is openssl 1.1.1-1ubuntu2.1~18.04.15
The funny-looking version string appended at the end is important, it indicates which build.
build on Mar 9 prior to openssl making the source available to the public
It takes time to build and test software. Ubuntu, like other distros, is on a list to get notified prior to general announcement. Reduces time users are exposed to flaws.
A build date is a good sanity check that you have the required patch level, but realize it is possible to be built before upstream's announcement without needing a time machine.
Ubuntu distro managers importing openssl 1.1.1n into their repo (which may just be a public facing repo)
Beware making conclusions about what in version control actually goes into a fix for your version. Based on the branch names, that probably has to do with Ubuntu comparing to Debian sid or upstream releases. Not bionic.
Refer to the security advisory.