Agencies recommend action to defend Ivanti VPN gateways from compromise

Mar 01, 2024 - 02:45 PM
cybersecurity

U.S. and international agencies Feb. 29 urged health care and other critical infrastructure organizations using Ivanti Connect Secure VPN and Ivanti Policy Secure to take certain steps to defend against known cyber threats that Ivanti’s Integrity Checker Tool may fail to detect.

“Perhaps the most important point to mention at this moment is that we do not have any indication this alert is in any way related to the Change Healthcare breach,” said John Riggi, AHA’s national advisor for cybersecurity and risk. “Nevertheless, this remains a significant threat being actively exploited by sophisticated foreign adversaries targeting previously published vulnerabilities in the Ivanti Connect Secure VPN and Policy Secure services. According to the alert, threat actors are able to bypass authentication controls and maintain undetected, root-level persistent access. The alert references multiple cyber threats related to the Chinese government. Organizations still using these Ivanti services should implement described patches and consider the significant risk of adversary access to, and persistence on, Ivanti Connect Secure and Policy Secure gateways when determining whether to continue operating these devices in an enterprise environment.”

For more information on this or other cyber and risk issues, contact Riggi at jriggi@aha.org. For the latest cyber and risk resources and threat intelligence, visit aha.org/cybersecurity.

Related News Articles

Headline
Senate holds hearing on health care cybersecurity and patient privacy
In a statement submitted to the Senate Health, Education, Labor and Pensions Committee for a hearing today on health care cybersecurity and patient privacy,…
Headline
AHA podcast: When Cyberattacks Strike — Is Your Board Ready?
Cyberattacks on hospitals are urgent threats to patient safety, care delivery and public trust. In this conversation, Ajay Gupta, board chair of Trinity Health…
Headline
FDA announces software patch available for Contec, Epsimed patient monitors to address vulnerabilities
The Food and Drug Administration yesterday released a safety notice announcing a software patch is available to address cybersecurity vulnerabilities in…
Headline
Agencies release fact sheet on potential of malicious activity by Iranian cyber actors 
The Cybersecurity and Infrastructure Security Agency, FBI, Department of Defense Cyber Crime Center and the National Security Agency June 30 released a fact…
Headline
CMS warns of phishing fax scheme; AHA monitoring other reported social engineering schemes 
The Centers for Medicare & Medicaid Services today announced it has identified a fraud scheme targeting Medicare providers and suppliers. CMS said scammers…
Headline
Agencies issue advisory on updated tactics by Play ransomware group
The FBI, Cybersecurity and Infrastructure Security Agency and Australian Cyber Security Centre June 4 released an advisory on updated actions and tactics used…