HHS alerts field to cyberattacks against servers running Veeam software 

May 11, 2023 - 03:02 PM
cybersecurity-hand-lock-graphic_900x400

Health sector organizations should immediately patch a vulnerability in Veeam software used to back up, replicate and restore data on virtual machines, the Department of Health and Human Services’ Health Sector Cybersecurity Coordination Centers (HC3) said in an alert May 10, citing recent attacks against internet-facing servers running the software. The alert recommends organizations remain vigilant for suspicious activity and keep systems up to date. 

“As health care organizations incorporate the use of virtual desktops they should also be aware, as with any technology, of the potential cyber risk exposure created through technical vulnerabilities associated with the technology,” said John Riggi, AHA’s national advisor for cybersecurity and risk. “In this instance, the Veeam backup and replication software contains a significant vulnerability that would allow an attacker to steal user credentials, remotely run highest privilege code, access backups, and potentially steal data or deploy ransomware. Veeam recommends that all users upgrade to the latest version immediately.” 

For more information on this or other cyber and risk issues, contact Riggi at jriggi@aha.org. For the latest cyber and risk resources and threat intelligence, visit  aha.org/cybersecurity

Related News Articles

Headline
Agencies alert health sector of Iranian and Russian cyber threats
The FBI, Cybersecurity and Infrastructure Agency and the Department of Defense Cyber Crime Center Aug. 29 issued a joint advisory to warn of Iranian-based…
Headline
AHA Podcast: Start with Defense — Building a Cyber-ready Team 
Health care is under constant cyberattack threat, but how prepared is the industry to fight back? The lack of resources is especially acute in rural areas. In…
Headline
AHA names new deputy national advisor for cybersecurity risk
AHA Aug. 23 named James “Scott” Gee deputy national advisor for cybersecurity and risk. Gee will work with John Riggi, AHA’s national advisor for cybersecurity…
Headline
HHS alerts health sector to cyberthreat from Everest ransomware group
The Department of Health and Human Services Health Sector Cybersecurity Coordination Center (HC3) this week released an advisory about Everest, a ransomware-as…
Headline
AHA blog: How to prepare for third-party cyber risk 
In his latest AHA Cyber Intel blog, John Riggi, AHA national advisor for cybersecurity and risk, explains why cybercriminals are shifting from directly…
Headline
CISA guidance informs users on software products which should be secure by design and demand 
The Cybersecurity and Infrastructure Security Agency and FBI Aug. 8 released guidance on secure by design software products which includes resources to assess…