August 2024 brought a fresh wave of threats to healthcare organizations. Vulnerabilities in trusted systems like Windows Servers, Ivanti, and SolarWinds are sending a clear message: now is the time for proactive, strategic cybersecurity.

Read on to learn about the latest threats and the steps you should take to keep your systems and your patients safe.


MadLicense Permits Full Access to Windows Servers

A new vulnerability in Windows servers allows attackers to execute code remotely without user interaction. This exploit, which impacts servers from Windows 2000 through the 2025 preview, stems from a flaw in the Remote Desktop Licensing (RDL) service.

More than 170,000 licenses were exposed online, and the risk to healthcare organizations is particularly severe. A successful exploit could give attackers complete control over critical systems, threatening patient data and essential services’ availability.

Healthcare organizations should prioritize deploying the latest patches to secure their systems. For those unable to apply updates immediately, turning off the RDL service—especially if it is not required—can reduce exposure.
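
One way to carry out the interim mitigation above across a server list, as an added example that is not part of the original bulletin. It assumes the Remote Desktop Licensing service is registered under the service name TermServLicensing; the function name Invoke-RdlServiceAudit and the host names are hypothetical.

```powershell
# Added example (not from the original bulletin).
# Assumption: Remote Desktop Licensing runs as the service 'TermServLicensing'.
function Invoke-RdlServiceAudit {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        [switch]$Remediate   # without this switch the function only reports
    )
    foreach ($computer in $ComputerName) {
        # Query the local host directly; use -ComputerName (WinRM) only for remote hosts
        $query = @{ ClassName = 'Win32_Service'; Filter = "Name='TermServLicensing'"; ErrorAction = 'Stop' }
        if ($computer -ne $env:COMPUTERNAME) { $query.ComputerName = $computer }
        $row = [ordered]@{ Computer = $computer; Installed = $null; State = $null; StartMode = $null; Action = 'Reported only' }
        try {
            $svc = Get-CimInstance @query
        } catch {
            $row.Action = "Query failed: $($_.Exception.Message)"
            [pscustomobject]$row
            continue
        }
        $row.Installed = [bool]$svc
        if ($svc) {
            if ($Remediate -and $PSCmdlet.ShouldProcess($computer, 'Stop and disable TermServLicensing')) {
                # Win32_Service methods return 0 on success
                $stop = 0
                if ($svc.State -ne 'Stopped') {
                    $stop = (Invoke-CimMethod -InputObject $svc -MethodName StopService).ReturnValue
                }
                $mode = (Invoke-CimMethod -InputObject $svc -MethodName ChangeStartMode -Arguments @{ StartMode = 'Disabled' }).ReturnValue
                $row.Action = "StopService=$stop ChangeStartMode=$mode"
                $svc = Get-CimInstance @query   # re-read to report the resulting state
            }
            $row.State = $svc.State
            $row.StartMode = $svc.StartMode
        } else {
            $row.Action = 'None (service not installed)'
        }
        [pscustomobject]$row
    }
}

# Report first, then preview remediation on hosts that do not need to issue RDS licenses
Invoke-RdlServiceAudit -ComputerName 'SRV-EXAMPLE-01', 'SRV-EXAMPLE-02'   # constructed host names
Invoke-RdlServiceAudit -ComputerName 'SRV-EXAMPLE-01' -Remediate -WhatIf
```

Run the report-only form first: a host that still issues Remote Desktop licenses will stop doing so once the service is disabled, so remediate only where the role is not required.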

For more information, refer to our MadLicense threat bulletin.


Ivanti vTM Authentication Bypass

Ivanti’s Virtual Traffic Manager (vTM) contains a critical vulnerability that allows remote attackers to bypass authentication and gain administrator access. This issue, present in versions earlier than 22.2R1 and 22.7R2, poses a significant risk for healthcare systems that rely on vTM to manage application traffic flow. If exploited, attackers could take control of critical systems, compromising the security and availability of healthcare applications crucial for patient care.

To mitigate this risk, healthcare organizations should immediately upgrade to the latest version of vTM. Additionally, restricting access to the admin panel by binding it to internal or trusted networks can help prevent unauthorized access.

For further details, see our Ivanti vTM threat bulletin.


SolarWinds Help Desk Vulnerabilities

A severe vulnerability in SolarWinds Web Help Desk was identified, allowing attackers to use hardcoded credentials to access unpatched systems. This vulnerability, CVE-2024-28987, has already been exploited in active attacks and added to CISA’s Known Exploited Vulnerabilities catalog.

Given the widespread use of SolarWinds Web Help Desk in healthcare IT environments, an unpatched system could lead to unauthorized access to sensitive patient data or critical system functions.

Healthcare organizations should apply the latest hotfix (12.8.3 HF2) to protect against this vulnerability. It is also essential to review patch management protocols to ensure that similar threats are addressed swiftly in the future.

For more information, read our SolarWinds Help Desk threat bulletin.

 

Securing Your Healthcare Organization

The cybersecurity landscape for healthcare organizations continues to evolve, with new threats emerging at a relentless pace. Addressing vulnerabilities promptly, closely monitoring access points, and enforcing robust security measures are crucial steps to maintaining patient care and safeguarding sensitive data.

For more insights on fortifying your defenses, don’t miss our upcoming webinar on Business Impact Analysis (BIA) and Third-Party Risk Management (TPRM) for healthcare.