July 14, 2024

Flex Tech

Innovation in Every Curve

HC3 warns of critical vulnerabilities in MOVEit platform that pose enhanced risk to healthcare sector

The Health Sector Cybersecurity Coordination Center (HC3) of the U.S. Department of Health & Human Services (HHS) has once again issued a warning to the healthcare sector about critical vulnerabilities on the MOVEit platform that pose significant risks for data breaches. The sector alert observed that the critical vulnerability identified in MOVEit exposes healthcare organizations to cyberattacks, especially ransomware and data breaches. 

“Progress, the company that owns and operates the MOVEit platform, has released patches to fix this vulnerability,” the HC3 wrote in its recent alert. “However, exploit code is also available to the public, and this vulnerability is being actively targeted by cyber threat actors. All healthcare organizations are strongly urged to identify any vulnerable instances of MOVEit that exist in their infrastructure and patch them as a high priority.”

Maker of the common file transfer platform utilized in the health sector, Progress Software identified and patched two improper authentication vulnerabilities in their MOVEit-managed file transfer (MFT) platform early last month. These vulnerabilities are identical, other than the versions of the MOVEit platform that they affect. Both of them have been patched. 

“Shortly after the Progress security bulletins were released, WatchTowr labs released further research on one of them – CVE-2024-5806 – which not only provided further details on the vulnerability but also explored how it might be exploited,” the HC3 disclosed. “WatchTowr also publicly released proof-of-concept exploit code. The company Censys followed this up with research in late June noting that, at the time of publication, they were able to identify 2,700 vulnerable MOVEit MFT instances accessible from the Internet, most of which were physically located in the United States.” 

The agency added that these vulnerabilities – especially CVE-2024-5806 – should be taken seriously, as they are inherently egregious, but additionally, the MOVEit platform has been previously targeted by highly capable threat actors on a large scale. 

In early June 2024, Progress Software patched two vulnerabilities in their MOVEit platform. The first vulnerability, CVE-2024-5805, relates to an improper authentication issue in Progress MOVEit Gateway’s SFTP modules, allowing for an authentication bypass. This issue specifically impacts MOVEit Gateway 2024.0.0. 

The second vulnerability, CVE-2024-5806, concerns a similar improper authentication flaw in the MOVEit Transfer’s SFTP module, which could also lead to an authentication bypass. This vulnerability affects MOVEit Transfer versions from 2023.0.0 up to 2023.0.11, from 2023.1.0 up to 2023.1.6, and from 2024.0.0 up to 2024.0.2.

The HC3 assessed last June that the critical vulnerability that exists in MOVEit Transfer software could result in unauthorized access and privilege escalation across the healthcare sector. 

Last month, the HC3 released a threat profile for Qilin ransomware, also known as Agenda ransomware. The ransomware-as-a-service (RaaS) has been active since 2022, targeting healthcare organizations and other industries globally. Likely originating from Russia, the group was noted for recruiting affiliates toward the end of 2023.