Even though spring has officially sprung, recent Ivanti and Fortinet vulnerabilities have made it feel a bit like Groundhog Day.
As we’ve examined the vulnerabilities associated with Ivanti’s Secure Connect and FortiClient solutions over the past few months, it’s become clear that closing the security loopholes has posed significant challenges.
While the coverage may start to sound a bit repetitive, the risks related to these vulnerabilities remain real and present, especially for healthcare organizations.
Challenges fixing Ivanti Connect Secure vulnerabilities
A lot has happened in the past few months concerning Ivanti. We’ve created a timeline for your reference to make it easier for you to follow the developments and understand the complexity of the attacks, patches, and updated remediation guidance.
Investigations found that Ivanti’s Integrity Checker Tool (ICT) failed to detect compromises effectively, and active cyber attacks using Ivanti exploits were observed. A new joint CSA was issued to draw attention to the high risk posed by these attacks.
Due to the complexity of this threat, government agencies have stressed that organizations with Ivanti Connect Secure and Ivanti Policy Secure solutions should assume they’ve been compromised.
For more details, check out our March threat bulletin recapping the Ivanti patch updates.
Fortinet vulnerability impacts FortiClient software
Although Fortinet’s FortiOS SSL VPN disclosed flaws back in February, an estimated 150,000 vulnerable devices were still exposed in March.
Possibly compounding this risk is a new vulnerability within Fortinet’s FortiClient Enterprise Management Server (EMS) Software. This flaw enables threat actors to initiate Remote Code Execution (RCE) attacks, allowing them to access system privileges.
This attack method is particularly alarming for healthcare organizations as user interaction isn’t required. If corrective measures aren’t taken, attackers can deploy ransomware, exfiltrate data, and disrupt patient care.
Fortinet has advised users to immediately update to the corrected version of FortiClient EMS. For more insights about Fortinet RCE attacks, reference our March advisory bulletin.
Resources to protect your healthcare organization
To defend against today’s cyber threats, healthcare organizations must have more robust cybersecurity programs. To support this effort, HHS recently released new healthcare-focused cybersecurity performance goals (CPGs), a step forward in HHS’ effort to propose new, enforceable cybersecurity standards across policies and programs.
To learn more about these CPGs and what they might mean for your organization’s cybersecurity program, watch our on-demand webinar with representatives from HHS and 405(d).