HC3-Sector Alert TLP Clear - Critical MOVEit Vulnerabilities Expose Health Sector to Data Breaches

June 27, 2024

Executive Summary 

A critical vulnerability has been identified in MOVEit, a common file transfer platform utilized in the health sector. This vulnerability exposes healthcare organizations to cyberattacks, especially ransomware and data breaches. Progress, the company that owns and operates the MOVEit platform, has released patches to fix this vulnerability. However, exploit code is also available to the public, and this vulnerability is being actively targeted by cyber threat actors. All healthcare organizations are strongly urged to identify any vulnerable instances of MOVEit that exist in their infrastructure and patch them as a high priority.

View the detailed alert below.

Key Resources

Related Resources

Advisory
HHS Issues Alert on Critical Vulnerability in ‘MOVEit,’ File Transfer Platform Used by Health Care Sector
Public
Special Bulletin
AHA Helps Secure New Cybersecurity Resources from Microsoft and Google to Assist Rural Hospitals
Public
Advancing Health Podcast
How to Survive a Cyberattack with Scripps Health: Part Two
Public
Special Bulletin
HHS Authorizes UnitedHealth Group to Make Breach Notifications on Behalf of Providers
Member
Advancing Health Podcast
How to Survive a Cyberattack with Scripps Health: Part One
Public
Advisory
Agencies Issue Advisory as Ransomware Group Accelerates Attacks on Health Care Sector
Public