HC3 warns of critical vulnerabilities in MOVEit platform that pose increased risk to healthcare sector

The U.S. Department of Health and Human Services (HHS) Health Sector Cybersecurity Coordination Center (HC3) has issued another alert to the healthcare sector about critical vulnerabilities in the MOVEit platform that pose a significant risk of data breaches. The sector alert states that a critical vulnerability identified in MOVEit exposes healthcare organizations to cyberattacks, specifically ransomware and data breaches.

“Progress, the company that owns and operates the MOVEit platform, has released patches to address this vulnerability,” HC3 wrote in its latest alert. “However, the exploit code is also publicly available, and this vulnerability is being actively targeted by threat actors. All healthcare organizations are strongly urged to identify any MOVEit vulnerabilities that exist in their infrastructure and patch them as a priority.”

Progress Software, the creator of a popular healthcare file transfer platform, identified and patched two improper authentication vulnerabilities in its MOVEit managed file transfer (MFT) platform early last month. The vulnerabilities are identical except for the MOVEit platform versions they affect. Both have been patched.

“Shortly after the Progress security bulletins were published, WatchTowr Labs published further research on one of them – CVE-2024-5806 – which not only provided further details on the vulnerability but also explored how it could be exploited,” HC3 revealed. “WatchTowr also publicly released proof-of-concept exploit code. Censys followed up on this research in late June, noting that at the time of publication, it had identified 2,700 vulnerable MOVEit MFT instances accessible from the internet, the majority of which were physically located in the United States.”

The agency added that these vulnerabilities – especially CVE-2024-5806 – should be taken seriously because they are egregious in nature. Additionally, the MOVEit platform has previously been the target of large-scale attacks by highly skilled threat actors.

In early June 2024, Progress Software patched two security flaws in its MOVEit platform. The first flaw, CVE-2024-5805, relates to improper authentication in Progress MOVEit Gateway SFTP modules, allowing authentication bypass. This issue specifically affects MOVEit Gateway 2024.0.0.

The second vulnerability, CVE-2024-5806, concerns a similar improper authentication flaw in the MOVEit Transfer SFTP module, which can also lead to authentication bypass. This vulnerability affects MOVEit Transfer versions 2023.0.0 through 2023.0.11, 2023.1.0 through 2023.1.6, and 2024.0.0 through 2024.0.2.
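To act on HC3's call to identify exposed instances, the version ranges above can be run against an asset inventory. The following is an added example, not code from HC3 or Progress; the CSV column names, the host names and the handling of extra build components in a version string are assumptions.

```python
import csv
import io

# Affected ranges exactly as listed in the article (inclusive bounds).
AFFECTED = {
    "moveit gateway": ("CVE-2024-5805", [((2024, 0, 0), (2024, 0, 0))]),
    "moveit transfer": ("CVE-2024-5806", [
        ((2023, 0, 0), (2023, 0, 11)),
        ((2023, 1, 0), (2023, 1, 6)),
        ((2024, 0, 0), (2024, 0, 2)),
    ]),
}

# Constructed sample inventory; hosts and column names are hypothetical.
SAMPLE_INVENTORY = """host,product,version
mft01.example.org,MOVEit Transfer,2023.0.11
mft02.example.org,MOVEit Transfer,2023.0.12
mft03.example.org,MOVEit Transfer,2023.1.3
gw01.example.org,MOVEit Gateway,2024.0.0
gw02.example.org,MOVEit Gateway,2024.0.1
mft04.example.org,MOVEit Transfer,unknown
mft05.example.org,MOVEit Transfer,2024.0.2
"""

def parse_version(text):
    """Return the first three numeric components; any further build
    component is ignored (assumption about inventory data)."""
    parts = text.strip().split(".")
    if len(parts) < 3 or not all(p.isdigit() for p in parts[:3]):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts[:3])

def triage(inventory_csv):
    """Return (host, cve, status) for affected or unverifiable instances."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        entry = AFFECTED.get((row.get("product") or "").strip().lower())
        if entry is None:
            continue  # not a product named in the article
        cve, ranges = entry
        try:
            version = parse_version(row.get("version") or "")
        except ValueError:
            # An unknown version cannot be cleared; flag it for manual review.
            findings.append((row["host"], cve, "review"))
            continue
        if any(low <= version <= high for low, high in ranges):
            findings.append((row["host"], cve, "affected"))
    return findings
```

Instances that do not appear in the output are simply outside the ranges quoted above; the script does not assert that they are patched.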

Last June, HC3 assessed that a critical security flaw in MOVEit Transfer software could result in unauthorized access and privilege escalation across the healthcare sector.

Last month, HC3 published a threat profile for Qilin ransomware, also known as Agenda ransomware. The ransomware-as-a-service (RaaS) has been active since 2022, targeting healthcare organizations and other industries around the world. The group, believed to be based in Russia, was known to be recruiting partners in late 2023.