HHS warns of critical security hole in ‘MOVEit’ file transfer platform

June 29, 2024

Article Summary

TLDR:

  • The Department of Health and Human Services issued a critical cyber alert about a vulnerability in the MOVEit file transfer platform used in the health sector.
  • Health care organizations are urged to patch vulnerable instances of MOVEit to prevent cyberattacks like ransomware and data breaches.

The Department of Health and Human Services Health Sector Cybersecurity Coordination Center issued an alert on June 27 about a critical vulnerability in MOVEit, a widely used file transfer platform in the health sector. The vulnerability exposes health care organizations to cyberattacks, particularly ransomware and data breaches. Progress, the company behind MOVEit, has released patches to address the issue, but exploit code is already accessible to the public, making it a high priority for all health care organizations to identify and patch vulnerable instances of the platform in their systems.

John Riggi, AHA National Advisor for Cybersecurity and Risk, emphasized the seriousness of the vulnerability because MOVEit is commonly used to transfer sensitive data such as protected health information. Last year, a Russian ransomware group successfully exploited vulnerabilities in MOVEit, resulting in the theft of health care records of millions of Americans. This incident contributed to a record number of health care records stolen in 2023, reaching 136 million, a 300% increase from the previous year.

Riggi highlighted how insecure third-party technology and service providers can expose hospitals and health systems to significant cyber risks, as evidenced by the critical vulnerabilities in MOVEit. The alert serves as a warning to prioritize patching and securing instances of MOVEit to protect against potential cyber threats.

