October was no ordinary month for healthcare IT—it was Cybersecurity Awareness Month, highlighting the essential steps we all need to take to stay secure. But this October wasn’t only about awareness; it underscored the reality of new and evolving threats. From vulnerabilities in trusted tools like FortiManager and ServiceNow to ransomware infiltrating Microsoft Teams, attackers didn’t slow down.
With healthcare systems and patient data in the crosshairs, healthcare IT had to double down on technical defenses and user education.
Read on for a recap of October’s top cyber threats and the actions needed to help keep healthcare healthy.
NIST Updates Password Directive: Less Complexity, More Security
In October, the National Institute of Standards and Technology (NIST) made significant updates to its password guidelines, advocating for longer, simpler passwords rather than complex, frequently changed ones.
Under the revised NIST 800-63B standards, passwords of up to 64 characters are encouraged, and periodic resets and complex symbols are no longer required.
Password changes are recommended only if an account has been compromised, easing the password burden for healthcare users.
For further details, see our NIST password directive bulletin.
Linux CUPS Vulnerabilities Put Networks at Risk
Recent discoveries in the Common Unix Printing System (CUPS) revealed that attackers could take control of Linux-based devices by creating fake printers and exploiting how CUPS processes print requests. These vulnerabilities allow bad actors to inject malicious code, launch DDoS attacks, and disrupt essential systems.
In response, healthcare IT teams should move swiftly, disabling or limiting CUPS services on internet-facing systems to prevent unauthorized access until patches can be rolled out. This approach helps reduce exposure and maintain network stability.
For a deeper dive into the issue and best practices for mitigation, see our detailed Linux CUPS bulletin.
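One way to find the hosts this mitigation applies to, as an added example that is not part of the original bulletin: the script reads `ss -H -tuln` output and reports CUPS/IPP sockets on port 631 that are bound beyond loopback. The socket list it runs on by default is constructed, and the unit names in the closing comment are an assumption about the host's distribution.

```shell
#!/bin/sh
# Added example: flag CUPS/IPP listeners (port 631) reachable beyond loopback.
# Input is `ss -H -tuln` output; the sample below is constructed, not captured.

sample_ss_output() {
cat <<'EOF'
udp   UNCONN 0      0            0.0.0.0:631        0.0.0.0:*
tcp   LISTEN 0      128        127.0.0.1:631        0.0.0.0:*
tcp   LISTEN 0      128            [::1]:631           [::]:*
tcp   LISTEN 0      128             [::]:631           [::]:*
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
udp   UNCONN 0      0      127.0.0.53%lo:53         0.0.0.0:*
EOF
}

# Print "proto address" for every port-631 socket not bound to loopback.
cups_exposed_listeners() {
  awk '{
    laddr = $5                         # Local Address:Port column
    n = split(laddr, parts, ":")       # port is the text after the last colon
    port = parts[n]
    addr = substr(laddr, 1, length(laddr) - length(port) - 1)
    if (port != "631") next            # not a CUPS/IPP socket
    if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only: not exposed
    print $1, addr
  }'
}

# Count exposed listeners in the ss output read from stdin.
cups_exposed_count() {
  cups_exposed_listeners | wc -l | tr -d ' '
}

if [ "${1:-}" = "--live" ]; then
  ss -H -tuln | cups_exposed_listeners        # audit this host
else
  sample_ss_output | cups_exposed_listeners   # demo on the constructed sample
fi
# For each hit: disable the service where printing is not needed, e.g.
#   systemctl disable --now cups-browsed cups   (unit names assumed)
# or bind CUPS to localhost and block port 631 at the host firewall
# until patches are applied.
```

Run it with `--live` on a Linux host to audit the real socket table; any output line is a listener to disable or restrict.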
Black Basta Ransomware Targets Microsoft Teams in Healthcare
The Black Basta ransomware group recently changed its approach, using Microsoft Teams to impersonate IT support and trick employees into downloading malicious software. By posing as legitimate IT staff, attackers convince users to install remote access tools—sometimes using QR codes to add a sense of authenticity. Once inside, they deploy ransomware across networks, compromising critical healthcare systems.
In response, healthcare organizations should restrict Teams access to trusted domains, ramp up phishing awareness training, and bolster defenses against unauthorized remote access, aiming to protect systems and patient data.
Read our Black Basta bulletin to learn more about this threat.
ClickFix Malware Exploits Fake Google Meet Error Messages
The ClickFix campaign took a new approach in October, using fake Google Meet error pages to lure users into downloading malware disguised as troubleshooting tools.
Victims were tricked into executing PowerShell commands, resulting in the installation of data exfiltration tools, keyloggers, and other malware.
Healthcare professionals using video conferencing tools are advised to verify the source of meeting invitations and limit PowerShell usage to administrators to prevent these attacks.
For additional insights, check out our ClickFix malware bulletin.
Fortinet FortiManager Vulnerability Sparks Urgent Update for Healthcare Systems
In October, a critical vulnerability in Fortinet’s FortiManager sent healthcare IT teams into action. This flaw allowed attackers to execute code remotely and potentially access sensitive data. Fortinet responded quickly, issuing an urgent update for FortiManager versions 7.2.8 and 7.4.5 and providing mitigations for older versions that needed extra protection while awaiting patches.
To reduce risk, healthcare organizations should ensure that only trusted devices can connect to the platform, helping secure critical systems and protect patient data from unauthorized access.
For all the details on this vulnerability and the additional steps you can take to secure your systems, read our updated FortiManager bulletin.
ServiceNow Sandbox Vulnerability Enabled RCE Attacks
ServiceNow also faced a severe vulnerability where unauthenticated attackers could execute code remotely and access sensitive data. Combined with an SQL injection flaw, this vulnerability posed a significant risk of service disruption if exploited.
Hotfixes and updates were made available, and healthcare organizations should prioritize these patches to protect against potential attacks.
Restricting access and enforcing MFA helped healthcare providers reduce risks associated with this widely used platform.
For a comprehensive overview and mitigation steps, see our ServiceNow bulletin.
Closing
Cybersecurity Awareness Month underscored an urgent truth: resilience is non-negotiable for healthcare organizations. From vulnerabilities in trusted tools to advanced ransomware tactics, October’s threats made it clear that proactive defense is crucial.
Now available on-demand, Fortified’s Keeping Healthcare Healthy panel dives into real-world insights and strategies from healthcare providers.
Discover key tactics to strengthen your cybersecurity posture, benchmarks to gauge your program’s effectiveness, and practical steps to future-proof your defenses. Don’t miss this opportunity to equip your team with the knowledge to stay secure, adaptable, and ready for what lies ahead.