web analytics

CISA: NextGen Healthcare Flaw Still Exploited After 7 Months – Source: www.databreachtoday.com

cisa:-nextgen-healthcare-flaw-still-exploited-after-7-months-–-source:-wwwdatabreachtoday.com
Rate this post

Source: www.databreachtoday.com – Author: 1

3rd Party Risk Management
,
Cybercrime
,
Fraud Management & Cybercrime

Attackers Are Targeting the Widely Used Mirth Connect Data Integration Platform

Marianne Kolbasuk McGee (HealthInfoSec) •
May 21, 2024    

CISA: NextGen Healthcare Flaw Still Exploited After 7 Months
Image: NextGen

Attackers are actively exploiting a vulnerability in NextGen Healthcare Mirth Connect product, a widely used, open-source data integration platform – seven months after the vulnerability was publicly disclosed and months after a patch was first made available, according to a CISA alert Monday.

See Also: Reducing Complexity in Healthcare IT

The federal agency added the vulnerability, CVE-2023-43208 – a NextGen Healthcare Mirth Connect “deserialization of untrusted data vulnerability” – to its Known Exploited Vulnerabilities Catalog, based on “evidence of active exploitation.” CISA did not provide examples of the type of exploitation being reported.

The NextGen vulnerability was first reported in October – and then updated in January – by researchers at security firm Horizon3.ai.

“NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. This vulnerability is caused by the incomplete patch of CVE-2023-37679,” NIST said in its latest description of the issue.

Horizon3.ai in Oct. 2023 released an advisory for CVE-2023-43208 in which the firm described the problem as “a pre-authenticated remote code execution vulnerability” affecting NextGen Mirth Connect.

“If you’re a user of Mirth Connect and haven’t patched yet, we strongly encourage you to upgrade to the 4.4.1 patch release or later. This is an easily exploitable vulnerability that our own pentesting product, NodeZero, has exploited successfully against a number of healthcare organizations,” Horizon3.ai said in January.

It’s an unauthenticated remote code execution vulnerability, meaning that attackers can exploit it without any prior credentials and fully compromise the Mirth Connect server, Horizon3.ai said.

“Given that Mirth Connect is widely adopted among healthcare entities, it is very likely that healthcare entities have been attacked using this vulnerability,” Naveen Sunkavally, a researcher and chief architect at Horizon3.ai, told Information Security Media Group on Tuesday.

“We don’t have the details right now about the specific entities that were impacted. Back in April, Microsoft threat intelligence reported that China-based threat actor Storm-1175 exploited CVE-2023-43208 for initial access,” Sunkavally told ISMG.

“This vulnerability can be used for initial access to breach healthcare entities, as reported by Microsoft threat intelligence. It can also be used for lateral movement within internal networks, leading to access to sensitive healthcare data,” he said.

The vulnerability was fixed in Mirth Connect 4.4.1, but it might be tricky for some entities to simply upgrade to that version, Sunkavally said. “We’ve seen reports that upgrading to the latest version might break existing integrations, and some entities may be applying custom patches. In addition, as it is an open-source solution, Mirth Connect may be embedded in other products in the environment,” he said.

“The best way to check if you’re really patched is to try to exploit the vulnerability in your environment to see if it’s still exploitable.”

Organizations that expose Mirth Connect to the internet should patch this vulnerability on an emergency basis or disconnect it from the internet altogether, Sunkavally said. “In internal networks, this vulnerability should be high on the list of things to fix. It really depends on how Mirth Connect is being used in your environment and what kind of sensitive data is exposed through it.”

NextGen, a provider of cloud-based electronic health records, did not immediately respond to ISMG’s request for comment on the vulnerability or the types of exploitations reported.

NextGen is already facing at least a dozen proposed class action lawsuits for a health data breach discovered in April 2023 that affected 1 million individuals.

The company told regulators that hackers gained unauthorized access to a database by using client credentials that appear to have been stolen from other sources or incidents unrelated to NextGen. The company has not said what type of vulnerability attackers might have been exploiting in that incident (see: NextGen Facing a Dozen Lawsuits So Far Following Breach).

Original Post url: https://www.databreachtoday.com/cisa-nextgen-healthcare-flaw-still-exploited-after-7-months-a-25287

Category & Tags: –

Views: 0

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post

Joas Antonio
ChatGPT for Cybersecurity by Joas Antonio dos Santos – malwareanalysis #reverseengineering
ChatGPT for Cybersecurity by Joas...
CISO2CISO Notepad Series
How Can We Structure Cybersecurity Teams To Better Integrate Security In Agile At Scale?
How Can We Structure Cybersecurity...
OCCUPYTHEWEB
Linux Basics for Hackers by Occupytheweb
Linux Basics for Hackers by...
NIST
Digital Forensics and Incident Response (DFIR) Framework for Operational Technology (OT) by NIST – Eran Salfati and Michael Pease
Digital Forensics and Incident Response...
Think Big Blog
Top 10 TED Talks to Learn about Cyber Security
Top 10 TED Talks to...
NCSC
NCSC Cyber Security for Small Business “SMEs” Guide.
NCSC Cyber Security for Small...
Marcos Jaimovich
The Silent Spectre Haunting Your Network: QPhishing, the CISO’s Unspoken Nightmare.
The Silent Spectre Haunting Your...
Marcos Jaimovich
Goodbye to Traditional: Why Conventional Cybersecurity Tools are No Longer Sufficient for the Future of Digital Threats ?
Goodbye to Traditional: Why Conventional...
Marcos Jaimovich
Why do we compare a SOC (Security Operations Center) with the cockpit of a commercial airplane? by Marcos Jaimovich
Why do we compare a...
Joas Antonio
Security Operations Center (SOC) – Tools for Operations Development by Joas Antonio
Security Operations Center (SOC) –...
IZZMIER
Incident Response Playbooks & Workflows Ready for use in your SOC & Redteams
Incident Response Playbooks & Workflows...
LOGPOINT
396 Use Cases & Siem Rules Code ready for use for Mitre Attacks Events Detection in Your SOC by Logpoint
396 Use Cases & Siem...

LASTEST PUBLISHED POSTS

Sectrio
The Global OT & IoT Threat Landscape Assessment and Analysis rEPORT 2024 by Sectrio Threat Research Lab Initiative.
The Global OT & IoT...
ISA SECURE
The Case for ISA/IEC 62443Security Level 2 as a Minimumfor COTS Components
The Case for ISA/IEC 62443Security...
Huntress
2024 Cyber Threat Report
2024 Cyber Threat Report
NACD - Intenet Security Alliance
2023 Director’s Handbook on Cyber-risk Oversight
2023 Director’s Handbook on Cyber-risk...
Devoteam
14 Cybersecurity Trends for 2024
14 Cybersecurity Trends for 2024
IGNITE Technologies
MEMORY FORENSICS VOLATILITY
MEMORY FORENSICS VOLATILITY
CAREER UP
7 Steps to your SOC Analyst Career
7 Steps to your SOC...
National Cyber Security Centrum
Managing Insider Threats
Managing Insider Threats
Marcos Jaimovich
The Silent Spectre Haunting Your Network: QPhishing, the CISO’s Unspoken Nightmare.
The Silent Spectre Haunting Your...
Marcos Jaimovich
Goodbye to Traditional: Why Conventional Cybersecurity Tools are No Longer Sufficient for the Future of Digital Threats ?
Goodbye to Traditional: Why Conventional...
National Security Agency
CSI Cloud Top10 Key Management
CSI Cloud Top10 Key Management
CSA Cloud Security Alliance
Defining the Zero TrustProtect Surface
Defining the Zero TrustProtect Surface

More Latest Published Posts

aws
AWS Security Incident Response Guide
AWS Security Incident Response Guide
Government of South Australian
South Australian Cyber Security Framework
South Australian Cyber Security Framework
NAO -National Audit Office
Audit and Risk Assurance Committee Effectiveness Tool
Audit and Risk Assurance Committee Effectiveness Tool
WWW. D E V S E COP S G U I D E S . CO M
Attacking Docker
Attacking Docker
W W W . D E V S E C O P S G U I D E S . C O M
Attacking AWS – Offensive Security Aproach
Attacking AWS – Offensive Security Aproach
ENISA
Artificial Intelligence and Cybersecurity Research 2023
Artificial Intelligence and Cybersecurity Research 2023
MuleSoft
API Security Best Practices – Protect your APIs with Anypoint Platform
API Security Best Practices – Protect your APIs with Anypoint Platform
Green Circle
All about Security Operations Center
All about Security Operations Center
DAZZ
A Guide to Building a Secure SDLC – Which Scanning Tools Should I look at, and where do they go?
A Guide to Building a Secure SDLC – Which Scanning Tools Should I look at, and where do they go?
zimperium
2023 Mobile Banking Heists Report
2023 Mobile Banking Heists Report
40 under 40
40 under 40 in CyberSecurity 2024
40 under 40 in CyberSecurity 2024
HADESS
40 Days in DeepDark Web About Crypto Scam
40 Days in DeepDark Web About Crypto Scam
Everbridge
8 Principles of Supply Chain Risk Management
8 Principles of Supply Chain Risk Management
CHAOSSEARCH
Threat Hunter’s Handbook – Using Log Analytics to Find and Neutralize Hidden Threats in Your Environment
Threat Hunter’s Handbook – Using Log Analytics to Find and Neutralize Hidden Threats in Your Environment
ENDGAME
The Hunters Handbook Endgame’s Guide to Adversary Hunting
The Hunters Handbook Endgame’s Guide to Adversary Hunting
THE EU’S MOST THREATENING by EUROPOL
THE EU’S MOST THREATENING by EUROPOL
National Cyber Security Centre
Responding to a cyber incident – a guide for CEOs
Responding to a cyber incident – a guide for CEOs
IGNITE Technologies
CREDENTIAL DUMPING
CREDENTIAL DUMPING
HADESS
Pwning the Domain Lateral Movement
Pwning the Domain Lateral Movement
Jorgen Lanesskog
PING Basic IP Network Troubleshooting
PING Basic IP Network Troubleshooting
TELESOFT
Layer 7 Visibility What are the Benefits?
Layer 7 Visibility What are the Benefits?
TIGERA
Introduction to Kubernetes Networking and Security
Introduction to Kubernetes Networking and Security
Department of Defense's (DoD)
Defense Industrial Base Cybersecurity Strategy 2024
Defense Industrial Base Cybersecurity Strategy 2024
Dummies
Zero Trust Access for Dummies Fortinet
Zero Trust Access for Dummies Fortinet
Homeland Security
Zero Trust Implementation Strategy
Zero Trust Implementation Strategy
National Australia Bank Limited
Your Business and Cyber Security
Your Business and Cyber Security
CYFIRMA
Xeno RAT- A New Remote Access Trojan
Xeno RAT- A New Remote Access Trojan
IGNITE Technologies
Windows Persistence COM Hijacking MITRE T1546 015
Windows Persistence COM Hijacking MITRE T1546 015