Healthcare data at risk due to NextGen Mirth Connect bug

Healthcare organizations leveraging NextGen HealthCare's open source data integration solution Mirth Connect, which was touted as the "Swiss Army knife of healthcare integration" for enabling standardized data exchange and communications across various systems, have been urged to immediately apply updates to remediate a critical remote code execution flaw, tracked as CVE-2023-43208, which could be exploited to facilitate initial systems access or sensitive data compromise, The Hacker News reports. All MirthConnect instances, including versions of the platform dating back to 2015 or 2016, were noted to be impacted by the bug, which could enable arbitrary command execution on the hosting server, a report from Horizon3.ai showed. More than 2,200 MirthConnect instances were found to be vulnerable to CVE-2023-43208, most of which were in the U.S., according to a Shodan search. "This is an easily exploitable, unauthenticated remote code execution vulnerability," said Horizon3.ai researcher Naveen Sunkavally.