In the endless battle to safeguard healthcare organizations against cyber threats, July was certainly no ordinary month.

As blue screens spanned the globe from CrowdStrike’s Falcon updates, ESXi hypervisors became a prime target for ransomware attacks and a significant flaw in OpenSSH posed a potential risk to millions of systems.

Read on to understand these threats and the actions you need to take to protect your organization.


VMware ESXi Hypervisor Flaw

A critical flaw in VMware ESXi hypervisors became the target of at least six ransomware groups. This flaw, an Active Directory (AD) integration authentication bypass, allows attackers to create new groups with administrative access on domain-joined ESXi hypervisors. By exploiting this vulnerability, threat actors gain control over systems, move laterally within networks, and deploy ransomware that encrypts files.

Healthcare organizations are particularly vulnerable due to the interconnected nature of their systems and the vast amounts of sensitive patient data they manage. A successful cyberattack disrupts lifesaving technology and can lead to data theft and financial fraud.

Recommendations include upgrading VMware ESXi to version 8 or VMware Cloud Foundations to version 5. Additionally, consider enabling ESXi Lockdown mode, minimizing open firewall ports, and ensuring security patches are current.

Refer to our ESXi threat bulletin for more detailed recommendations and mitigation strategies.


CrowdStrike Sensor Update Results in Major Windows Outage

After an endpoint update, CrowdStrike Falcon caused significant disruptions by triggering blue screen errors on Windows systems worldwide. The bug led to outages across various industries, including healthcare, where the impact was particularly severe.

Affected healthcare organizations reported disruptions to critical SaaS solutions, such as Oncology and Radiology services, and many systems required reimaging due to issues with disk encryption. The incident underscores the importance of testing updates in a controlled environment before deployment to production systems.

CrowdStrike has since released a fix and a workaround to access systems experiencing these issues. Healthcare organizations should follow the recommended steps to boot affected Windows systems in Safe Mode, delete the faulty driver, and apply the fixed update.

For more details, read our CrowdStrike threat bulletin.


OpenSSH Critical Vulnerability

A critical vulnerability in OpenSSH was discovered, which could allow unauthenticated remote code execution on glibc-based Linux systems. Given the critical nature of healthcare operations that rely on Linux, reviewing and updating business continuity plans is imperative to ensure that patient care can continue during a technology outage.

Although this exploit has only been executed in lab environments so far, the public availability of the flaw’s details makes it a significant threat that should be addressed immediately. The flaw affects systems running versions of OpenSSH earlier than 9.8p1 and could lead to a complete system compromise.

Healthcare organizations should prioritize patching OpenSSH to the latest version, restrict SSH access, and implement network segmentation to prevent unauthorized access.

For more information and guidance, please see our OpenSSH threat bulletin.

 

Strengthen Your Cyber Defense

In the ongoing cybersecurity journey, staying informed and proactive is essential for healthcare providers. The threats outlined in July highlight the need for immediate action to patch vulnerabilities, test updates in controlled environments, and implement robust security practices across all systems.

To further bolster your defenses, check out our webinar on the tabletop exercises (TTX). Learn how healthcare organizations are testing and improving their cybersecurity program.