Recent vulnerabilities discovered in MOVEit Transfer and MOVEit Cloud systems could pose a significant risk to the healthcare sector, where the secure transfer of sensitive data is paramount. MOVEit, a managed file transfer product from Progress Software, is widely used for automated high-volume, HIPAA- and GDPR-compliant transfers. These vulnerabilities could compromise the security of data transfers and expose hospitals and healthcare organizations to potential breaches.
Two significant vulnerabilities have been identified in the MOVEit Transfer and MOVEit Cloud systems, according to reports from the Cybersecurity and Infrastructure Security Agency (CISA) and Progress, the company behind the MOVEit products. If exploited, these vulnerabilities could lead to unauthorized access and escalated privileges within the affected systems, posing a significant risk to the security of data transferred and stored using these platforms.
The vulnerabilities were discovered on June 9 and May 31, 2023. The first vulnerability could lead to escalated privileges and unauthorized access to the environment. The second vulnerability was found during an ongoing investigation into the first vulnerability. These vulnerabilities underscore the persistent threats to cybersecurity and the need for constant vigilance and proactive measures to protect against potential attacks.
Upon discovery of the vulnerabilities, Progress promptly launched an investigation, alerted MOVEit customers of the issue, and provided immediate mitigation steps. A security patch was developed and released within 48 hours of the vulnerability's discovery. "All MOVEit Transfer customers must apply the new patch," Progress stated in a security advisory. The company also thanked its partners and collaborators, including CISA, Crowdstrike, Huntress, Mandiant, Microsoft, and Rapid7, for their assistance in identifying and addressing these vulnerabilities.
Progress has released patches for both vulnerabilities and is urging all MOVEit Transfer customers to apply the new patches. Customers are also advised to follow recommended mitigation guidance and monitor for known Indicators of Compromise (IoC). For MOVEit Cloud customers, the latest patch was released on June 9, 2023. Customers are encouraged to review their audit logs for signs of unexpected or unusual file downloads and continue to review access logs and systems logging, together with their systems protection software logs.
The discovery of these vulnerabilities is a reminder of the ongoing threats to cybersecurity in the healthcare industry. It highlights the importance of robust cybersecurity measures and the value of collaboration in the cybersecurity industry. The swift response by Progress and its partners demonstrates the effectiveness of a proactive and collaborative approach to cybersecurity.
The investigation into these vulnerabilities is ongoing. As new details are uncovered, Progress will continue to update its customers and the broader cybersecurity community. In the meantime, customers who have not yet applied the patches are urged to do so immediately. They should also follow the recommended mitigation guidance and monitor for known Indicators of Compromise. Customers with questions are encouraged to contact Progress Customer Technical Support for further assistance.
Related: HIPAA Compliant Email: The Definitive Guide