NextGen interoperability tool vulnerable to RCE attack
MITER included CVE-2023-43208 in its vulnerability exploit catalog on Thursday and the National Institute of Standards and Technology said the flaw, which affects certain versions of NextGen software and could lead to remote code execution , currently awaiting analysis.
WHY IT MATTERS
“Instances of NextGen Healthcare Mirth Connect prior to version 4.4.1 are vulnerable to unauthenticated remote code execution of Mirth Connect by NextGen Healthcare,” NIST said.
This is the second CVE update to the tool in recent months. Designed to help hospitals and healthcare systems centralize and communicate health data across systems and locations, according to NextGen’s website.
When CVE-2023-37679 was discovered in June, NextGen released a beta update and then version 4.4.0 in July. This threat, considered high-level, allowed attackers to execute arbitrary commands on hosting servers.
The newer vulnerability, CVE-2023-43208is caused by the incomplete patch of CVE-2023-37679, according to MITER.
“NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution,” MITER said.
NIST directs visitors to the National Vulnerability Database to a Horizon3.ai analysis that indicates that Mirth Connect versions dating back to 2015/2016 are vulnerable, especially those facing the Internet.
THE BIG TREND
NextGen has been targeted by cybercriminals more than once this year. In January, the BlackCat ransomware group posted an alleged sample of NextGen information on its extortion site.
“We immediately contained the threat, secured our network and returned to normal operations,” NextGen said after the alleged ransomware attack.
In April, the electronic health records vendor informed affected patients that an unknown third party had used stolen credentials and accessed personal information between March 29 and April 14. In May, NextGen was sued in federal court over the data breach.
While the number of exploited IT vulnerabilities in healthcare increased from 43 to 160 this year, RCE vulnerabilities are the most common, according to an August report on healthcare software and firmware risks by the Health Information Sharing and Analysis Center with Securin and Finite State increased by 437%.
The Cybersecurity and Infrastructure Security Agency said RCE vulnerabilities were among the top vulnerabilities exploited by cybercriminals in 2022, with certain VMware products and Atlassian Confluence and Data Center affected.
CISA and the Federal Bureau of Investigation have also raised alarm bells about these cybersecurity risks to medical devices. In certain cases, such as the Medtronic cardiac device security vulnerability, cyber actors can threaten the health of patients by taking control of medical devices.
“If a healthcare organization has enabled the optional Paceart Messaging Service in the Paceart Optima system, an unauthorized user could exploit this vulnerability to conduct remote code execution and/or denial-of-service attacks by sending specially crafted messages to the Paceart Optima system,” CISA said in its advisory.
ON THE RECORD
“Safety remains a top priority for NextGen Healthcare,” a NextGen Healthcare spokesperson said HealthcareIT news. “Most Mirth Connect users would not be exposed to that vulnerability in their systems, but we recommend users upgrade to the latest version of Mirth Connect if the vulnerability no longer exists.”
Andrea Fox is editor-in-chief of Healthcare IT News.
Email: afox@himss.org
Healthcare IT News is a HIMSS Media publication.