TechRadar
Sead Fadilpašić

CISA issues warning for new actively exploited NextGen Healthcare Mirth Connect vulnerability

Security bug.

The US Cybersecurity and Infrastructure Security Agency (CISA) has added a new vulnerability to its Known Exploited Vulnerabilities (KEV) list, thus alerting government agencies and other firms of active exploitation in the wild.

The new addition is an authenticated code execution vulnerability found in NextGen Healthcare Mirth Connect. It is tracked as CVE-2023-43208, and has not yet been given a severity score.

NextGen Healthcare Mirth Connect is an open-source integration engine used primarily in healthcare IT for exchanging healthcare data between various systems. It enables interoperability between different healthcare applications, and allows secure and efficient transfer of data through standardized protocols and formats such as HL7, DICOM, and FHIR.

No details about the flaw

This vulnerability reportedly came as a side-effect of the company trying to fix a previous critical-severity flaw, tracked as CVE-2023-37679. That earlier flaw, carrying a severity score of 9.8, was also described as a pre-auth remote code execution, and received a fix in August last year.

Besides adding the vulnerability to the KEV list, CISA said very little about the flaw. Thus, we don’t know who the threat actors are, how they are exploiting it, who the victims are, or how many of them there are.

CISA gave federal agencies a deadline of June 10 to update their endpoints and bring Mirth Connect to version 4.1.1.
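The only mitigation the article names is the version floor, 4.1.1. The following fleet check is an added example, not code from the article, from CISA or from NextGen Healthcare: given a list of hosts and the Mirth Connect version each one reports (the inventory here is constructed, and how you collect those strings from your own systems is assumed to be handled by your existing tooling), it flags every instance that still sits below the fixed version. Versions are compared numerically component by component rather than as strings, so a hypothetical "4.10.0" is correctly treated as newer than "4.1.1", and a short string like "4.1" is padded to "4.1.0".

```python
import re

# Version named in the article as the target of CISA's KEV directive.
FIXED_VERSION = "4.1.1"

# Constructed sample inventory: (hostname, Mirth Connect version as reported).
# Hostnames and versions are illustrative, not real systems.
SAMPLE_INVENTORY = [
    ("hl7-gw-01", "4.1.1"),
    ("hl7-gw-02", "4.0.1"),
    ("hl7-gw-03", "3.12.0"),
    ("hl7-gw-04", "4.1"),
    ("hl7-gw-05", "4.10.0"),
]

# Accept an optional leading "v" and a dotted run of integers; anything after
# (build tags, whitespace) is ignored for the comparison.
_VERSION_RE = re.compile(r"^\s*v?(\d+(?:\.\d+)*)")


def parse_version(text, width=3):
    """Turn '4.1.1' into (4, 1, 1); pad short strings with zeros so '4.1' -> (4, 1, 0)."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (width - len(parts))
    return tuple(parts[:width])


def is_below_fix(installed, fixed=FIXED_VERSION):
    """True when the installed version is older than the fixed one (tuple comparison, not string)."""
    return parse_version(installed) < parse_version(fixed)


def triage(inventory, fixed=FIXED_VERSION):
    """Return the hostnames that still need to be brought up to the fixed version."""
    return [host for host, version in inventory if is_below_fix(version, fixed)]


if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: below {FIXED_VERSION}, schedule the upgrade")
```

Run it against your own inventory by replacing SAMPLE_INVENTORY; hosts that cannot report a version at all should be treated as unknown and reviewed by hand rather than silently skipped.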

Given the sensitivity of the information they handle, organizations in the healthcare industry are among the most targeted out there. There are multiple ways cybercriminals can weaponize sensitive data, from selling it on the black market for a profit, to extorting money from victim companies.

When healthcare organizations lose data in a cyberattack, they lose the trust of their patients, which ultimately translates to a loss of business. On the other side, legislators and data watchdogs can demand significant investments in cybersecurity measures, as well as impose fines for losing patient data, which also translates to lower earnings.

Via The Hacker News
