NextGen Healthcare Mirth Connect, a widely utilized data integration platform in the healthcare sector, is currently under attack, prompted by a critical Google Chrome vulnerability.
Here’s what you need to know: The Vulnerability: CISA has added a concerning security flaw, CVE-2023-43208, affecting NextGen Healthcare Mirth Connect to its Known Exploited Vulnerabilities (KEV) catalog. This flaw stems from an incomplete patch for another critical vulnerability, CVE-2023-37679, allowing for unauthenticated remote code execution.
The Risks: With the flaw centering on insecure usage of the Java XStream library, security experts warn that it’s easily exploitable. Despite limited details on the nature of attacks, the situation is severe, especially considering the recent uptick in nation-state and cybercrime actor exploitation of similar vulnerabilities.
Action Required: To mitigate the risks, federal agencies and healthcare organizations must act swiftly. It’s crucial to update to the patched version of Mirth Connect (version 4.4.1 or later) by June 10, 2024, alongside ensuring Chrome browsers are updated to version 125.0.6422.60/.61 for Windows, macOS, and Linux.
Protect Your Network: Stay proactive in safeguarding your network against active threats. Ensure your systems are up-to-date with the latest security patches and measures to prevent potential cyberattacks.
By staying informed and taking necessary precautions, we can collectively enhance cybersecurity resilience and protect critical healthcare infrastructure from malicious exploitation.
