Healthcare Cybersecurity Threats: February 2025
February showed attackers that they don’t need new tricks when old ones still work. Cybercriminals aren’t just relying on past playbooks. They’re refining their methods, launching more targeted phishing campaigns, weaponizing zero-click vulnerabilities, and turning trusted tools into attack vectors.
Here is a look at six cybersecurity threat alerts from the past month.
Fortinet’s Super Admin Vulnerability
Imagine an attacker gaining super-admin access to your Fortinet firewalls without credentials. That’s exactly what’s happening with CVE-2024-55591, a vulnerability actively exploited since December. A second flaw (CVE-2025-24472) allows attackers to bypass authentication entirely, turning affected Fortinet devices into a playground for cybercriminals.
Healthcare organizations relying on Fortinet firewalls should take immediate action to secure these systems before bad actors do it for them. See what’s at risk.
Cisco ISE: A Backdoor Waiting to Happen
Cisco’s Identity Services Engine (ISE) is meant to protect networks, but two high-risk vulnerabilities (CVE-2025-20124 and CVE-2025-20125) could let attackers execute remote commands and escalate privileges. If exploited, these flaws could grant unauthorized access to network controls, opening the door to serious security breaches.
Attackers love this kind of vulnerability, so don’t wait for them to exploit it. Get ahead of the threat.
Banned Cameras Still in Healthcare Networks
Surveillance equipment banned by the U.S. government for national security reasons is still showing up in healthcare facilities—sometimes under new branding to evade detection. These devices could provide an unexpected entry point for cybersecurity threats, raising serious data security and compliance concerns.
If your facility hasn’t reviewed its security hardware recently, now’s the time to take a closer look. Here’s why it matters.
Microsoft Sysinternals Vulnerability
A newly identified flaw in Microsoft’s Sysinternals tools allows attackers to execute malicious DLL files and elevate privileges, a potential stepping stone for deeper network intrusions. Microsoft isn’t releasing a patch, meaning organizations must find other ways to mitigate the risk before attackers exploit it.
When the usual security updates don’t arrive, IT teams must take control and know what to do next.
Outlook RCE: No Click, No Problem (For Attackers)
A zero-click vulnerability (CVE-2024-21413) in Microsoft Outlook is being actively exploited. This vulnerability allows attackers to bypass security protections and steal credentials without the user opening an email. It’s a phishing dream come true and a nightmare for organizations that rely on Outlook for daily communication.
Cybersecurity threats like this require more than patching; they demand extra layers of protection. Find out what else you need to do.
SonicWall Exploit Targets Secure Access Gateways
SonicWall’s Secure Mobile Access (SMA) 1000 series appliances are under attack. A newly discovered deserialization vulnerability (CVE-2025-23006) is already being exploited in the wild. This flaw lets attackers execute remote code, potentially gaining complete control over the affected device.
Remote access security is critical—if your organization uses SonicWall, it is time to reinforce its defenses. See why this matters.
Protecting Yourself from Cybersecurity Threats
Cybersecurity threats aren’t slowing down, and neither can your security strategy. The best defense starts with awareness. Threat actors are growing bolder, targeting more healthcare organizations and leveraging sophisticated techniques.
Staying informed is step one, but organizations must also take proactive action to harden their security posture.
For a look at ways to protect your organization from cybersecurity threats, read our latest blog: The Critical Role of Healthcare Cybersecurity Escalations.