CISA issues warning for new actively exploited NextGen Healthcare Mirth Connect vulnerability

Federal agencies have until early June to patch up

The US Cybersecurity and Infrastructure Security Agency (CISA) has added a new vulnerability to its Known Exploited Vulnerabilities (KEV) list, alerting government agencies and other firms to active exploitation in the wild.

The new addition is an authenticated code execution vulnerability found in NextGen Healthcare Mirth Connect. It is tracked as CVE-2023-43208, and has not yet been given a severity score.

NextGen Healthcare Mirth Connect is an open-source integration engine used primarily in healthcare IT for exchanging healthcare data between various systems. It enables interoperability between different healthcare applications, and allows secure and efficient transfer of data through standardized protocols and formats such as HL7, DICOM, and FHIR.

No details about the flaw

The new vulnerability reportedly came as a side effect of the company's attempt to fix a previous critical-severity flaw, tracked as CVE-2023-37679. That earlier flaw, carrying a severity score of 9.8, was also described as a pre-auth remote code execution, and received a fix in August last year.

Besides adding the vulnerability to the KEV list, CISA said very little about the flaw. Thus, we don’t know who the threat actors are, how they are exploiting it, who the victims are, or how many of them there are.

CISA gave federal agencies a deadline of June 10 to update their endpoints and bring Mirth Connect to version 4.1.1.

Given the sensitivity of the information they handle, organizations in the healthcare industry are among the most targeted out there. There are multiple ways cybercriminals can weaponize sensitive data, from selling it on the black market for a profit, to extorting money from victim companies.

When healthcare organizations lose data in a cyberattack, they lose trust from their patients, which ultimately translates to loss of business. From the other end, legislators and data watchdogs can demand significant investments in cybersecurity measures, as well as fines for losing patient data, which also translates to lower earnings.

Via The Hacker News

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.