Vulnerability Management, Security Staff Acquisition & Development

Healthcare data at risk due to NextGen Mirth Connect bug

Healthcare organizations leveraging NextGen HealthCare's open source data integration solution Mirth Connect, which was touted as the "Swiss Army knife of healthcare integration" for enabling standardized data exchange and communications across various systems, have been urged to immediately apply updates to remediate a critical remote code execution flaw, tracked as CVE-2023-43208, which could be exploited to facilitate initial systems access or sensitive data compromise, The Hacker News reports. All MirthConnect instances, including versions of the platform dating back to 2015 or 2016, were noted to be impacted by the bug, which could enable arbitrary command execution on the hosting server, a report from showed. More than 2,200 MirthConnect instances were found to be vulnerable to CVE-2023-43208, most of which were in the U.S., according to a Shodan search. "This is an easily exploitable, unauthenticated remote code execution vulnerability," said researcher Naveen Sunkavally.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.