September brought cybersecurity challenges for healthcare organizations as vulnerabilities surged across critical systems. Firewalls, endpoint managers, and hidden misconfigurations in trusted platforms like ServiceNow allowed attackers to exploit vulnerabilities.
In this roundup, we break down the most pressing threats and the key actions healthcare organizations should take to stay ahead and protect their networks.
SonicWall SSLVPN Flaw Fuels Ransomware Campaigns
A new vulnerability in SonicWall’s SSLVPN feature has opened the door for attackers to crash firewalls and deploy ransomware. Initially thought to affect only the management tool, researchers have confirmed that the Akira ransomware group actively exploits this flaw (CVE-2024-40766) in the wild.
This vulnerability impacts multiple SonicWall firewall generations, making it a high-priority risk for healthcare systems that rely on these firewalls to secure their networks.
Patient data and lifesaving systems may be at stake, so it is crucial to apply the latest patches immediately or follow SonicWall’s workaround to restrict management access to trusted sources.
For more details, refer to our SonicWall threat bulletin.
Proof-of-Concept Released for Ivanti Endpoint Manager RCE
A critical flaw in Ivanti Endpoint Manager (EPM) has become a popular target for hackers, with a proof-of-concept now available to exploit the vulnerability (CVE-2024-29847). This flaw allows attackers to remotely execute code in the context of SYSTEM—without authentication—putting healthcare systems that rely on Ivanti EPM in grave danger.
Healthcare organizations are particularly vulnerable to attacks like these, as they can lead to the shutdown of critical life-sustaining systems.
The hot patch released by Ivanti should be applied immediately to prevent exploitation, and organizations should ensure that Microsoft .NET Remoting is not in use, as it plays a role in this vulnerability’s exploitation.
For additional insights, check out our Ivanti threat bulletin.
ServiceNow Misconfigurations Expose Sensitive Data
Misconfigured access controls in ServiceNow’s Knowledge Base (KB) have left over 1,000 enterprises exposed to potential data breaches. These misconfigurations allow unauthorized users to access sensitive internal data without authentication, including credentials, phone numbers, and other corporate secrets.
For healthcare organizations, such exposure could harm business operations and erode patient trust. Reviewing and updating Access Control Lists (ACLs) is essential to ensure that only the necessary data is publicly accessible. Strengthening ACLs will help mitigate the risk of exposing sensitive information.
For a deeper dive, refer to our ServiceNow threat bulletin.
Progress WhatsUp Gold Exploit: Unauthenticated Network Compromise
Progress WhatsUp Gold, an application monitoring tool for Windows networks, has been hit by an unauthenticated SQL Injection vulnerability (CVE-2024-6670). Attackers use PowerShell scripts to retrieve encrypted passwords and execute arbitrary code on WhatsUp Gold instances, potentially leading to full system compromise.
For healthcare networks that rely on this tool to monitor IT infrastructure, a successful exploit could disrupt critical systems, putting patient care at risk. Healthcare providers using WhatsUp Gold should immediately upgrade to the latest version (24.0.0 or newer) to patch this vulnerability and prevent unauthorized access.
For more information, read our WhatsUp Gold threat bulletin.
SolarWinds Help Desk: Critical Exploit of Hardcoded Credentials
A critical vulnerability in SolarWinds Web Help Desk (CVE-2024-28987) is actively being exploited, allowing attackers to use hardcoded credentials to access unpatched systems. A recently released proof-of-concept has accelerated the need for immediate action, with this vulnerability now listed in CISA’s Known Exploitable Vulnerabilities catalog.
Healthcare organizations using SolarWinds Web Help Desk should apply hotfix 12.8.3 HF2 immediately to protect against further attacks. Monitoring for unusual activity—such as unrecognized IP addresses interacting with OrionTicket endpoints—can help detect potential exploitation early.
See our SolarWinds threat bulletin for additional details.
Securing Healthcare from Third-Party and Business Threats
In a world where cyber threats come from every corner—especially from the vendors and partners you rely on—it’s not enough to patch and move on. You need to be proactive, tightening access controls and keeping an eye on the cracks in your defenses before they turn into business-threatening gaps. After all, patient care and operational stability depend on it.
Want to know exactly how to stay ahead? Join us for our upcoming webinar on Business Impact Analysis (BIA) and Third-Party Risk Management (TPRM). It’s packed with insights and practical tips to help manage vendor risks, fortify your security, and keep your organization running smoothly.