Critical MOVEit Vulnerabilities Expose Health Sector to Data Breaches

The Department of Health and Human Services’s (HHS) Health Sector Cybersecurity Coordination Center (HC3) has issued an alert for a critical vulnerability in MOVEit, a widely-used file transfer platform in healthcare. This flaw exposes organizations to ransomware and data breaches. Progress Software has released patches, but with exploit code publicly available, MOVEit remains a prime target for cyber threat actors. Healthcare organizations must promptly identify and patch vulnerable instances. In early June 2024, Progress Software addressed two improper authentication vulnerabilities in MOVEit (CVE-2024-5805 and CVE-2024-5806), affecting various versions. WatchTowr Labs and Censys have published exploits, highlighting the severity. Censys found 2,700 vulnerable MOVEit instances online, mostly in the United States. These critical vulnerabilities, historically targeted by skilled threat actors, require urgent mitigation. Progress Software provides specific patches and mitigation steps. Healthcare organizations are urged to implement these measures immediately to safeguard sensitive data. For more information, please visit Critical MOVEit Vulnerability.