Since its detection in February, the impact of Change Healthcare’s cyber attack has been staggering. Unfortunately, this is not the only incident that’s impacted healthcare organizations. Several others have sparked urgent calls for updates and heightened vigilance among IT teams, stressing the cyber pressures that constantly confront the healthcare sector.
Change Healthcare cyber attack
Throughout the latter part of February, the headlines were focused on Change Healthcare’s disclosure of a breach on the 21st, coinciding with a surge in ConnectWise ScreenConnect attacks. The investigations linked these ScreenConnect vulnerabilities directly to Change Healthcare’s incident, causing further service disruptions.
Many healthcare vendors and IT teams use ScreenConnect, which can run on outdated equipment that might not receive regular updates or thorough security checks. Security experts warn that hackers are likely to exploit these vulnerabilities, raising the risk of a large-scale healthcare supply chain attack. Such an event could seriously disrupt healthcare services, hindering organizations from providing essential patient care.
It’s highly recommended that ScreenConnect users update to the newest version ASAP, regardless of whether they are self-hosted or on-premise. Also of note is that ConnectWise ScreenConnect cloud instances have already been updated, so end-users don’t need to take any action.
For additional information and remediation details, check out our full threat bulletin.
Ivanti security flaws, patches, and resets
Two Ivanti security flaws allowed hackers to gain full control of networks. These vulnerabilities affect all supported Ivanti Connect Secure and Policy Secure Gateways.
A serious issue with this exploit is that threat actors can bypass MFA and use stolen credentials to gain access to internal systems. Once inside, it’s possible that they can deploy ransomware, steal data, and put medical technologies at risk.
While creating patches for Ivanti software, security researchers detected two new security vulnerabilities, a discovery that led to a delay in releasing fixes for Ivanti Connect Secure and Ivanti Policy Secure Servers.
The updated mitigation is available to download from the Ivanti portal. However, before applying a patch, Ivanti recommends that administrators perform a factory reset on devices to prevent the possibility of a bad actor obtaining upgrade persistence.
You can reference this threat bulletin for additional information and recommendations.
Potential new attack vector identified
New vulnerabilities were also reported in FortiOS in February. Attackers could use these to engage in destructive cyber activity against healthcare organizations, potentially compromising an entire IT network. Government agencies warned that hackers are positioning themselves for malicious cyber activity on IT networks in the event of a crisis or conflict with the U.S.
To protect your healthcare infrastructures and patient data, the recommendation is to immediately upgrade FortiOS versions on vulnerable devices.
For more insights and details, review our FortiOS SSL VPN flaw threat bulletin.
Windows Defender SmartScreen zero-day
A zero-day vulnerability was discovered that allows an attacker to send a specially crafted file to a targeted user, bypassing security checks. As malware gangs often target healthcare organizations, it is conceivable that they’d use this zero-day against them in an attempt to steal data or deploy ransomware.
Microsoft recommends applying the latest patch and ensuring that Windows is up to date to mitigate this vulnerability. Learn more in our zero-day alert.
Staying ahead of cyber threats
If the cyber events from February taught us anything, it’s that good communication is vital when it comes to cybersecurity.
For valuable insights and strategies for communicating effectively with your healthcare leadership, watch our on-demand webinar, Getting the C-suite on Your Team.