Patches Released to Fix Actively Exploited Flaw in Ivanti Endpoint … – HIPAA Journal
Healthy Together Completes SOC 2 (Type 2) Report and HIPAA … – PR Newswire
X9 Issues New Update to Cryptographic Key Management Standard … – Business Wire
Patches Released to Fix Actively Exploited Flaw in Ivanti Endpoint Mobile Manager
Ivanti has released patches to fix a maximum-severity zero-day vulnerability in its Endpoint Mobile Manager (EPMM) mobile device management solution (formerly MobileIron Core). The vulnerability is tracked as CVE-2023-35078 and is an authentication bypass vulnerability with a CVSS score of 10. Successful exploitation of the vulnerability will allow an unauthorized user to access restricted functionality or resources of the application, gain access to sensitive user data, and potentially make limited changes to the server.
Ivanti said the vulnerability affects all supported versions of its EPMM solution (11.10, 11.9, and 11.8) as well as older versions, although the patches have only been released for supported versions. Evidence has been found that indicates the vulnerability has already been exploited in attacks, although the extent to which the vulnerability is being exploited is unclear. The Norwegian government is believed to be one of the victims. Hackers allegedly exploited the flaw to compromise 12 government ministries in the country.
According to security researcher Kevin Beaumont, the flaw is very easy to exploit, and given the severity of the flaw and known active exploitation, immediate patching is strongly recommended. Beaumont recommended that anyone still using an unsupported version that has reached end-of-life should switch off the appliance until an upgrade to a supported version is possible. The updated EPMM versions with the patch applied are EPMM 11.8.11, 11.9.11, and 11.10.02. More than 2,000 MobileIron user portals are exposed to the Internet and are potentially able to be exploited, most of which are located in the United States.
The post Patches Released to Fix Actively Exploited Flaw in Ivanti Endpoint Mobile Manager appeared first on HIPAA Journal.
Suit: AG had target list of transgender patients – Nashville Post
UMC Health System Implements ZeroEyes Gun Detection Platform – Security Sales & Integration
24,400 Rite Aid Customers Had Personal Information Compromised … – HIPAA Journal
24,400 Rite Aid Customers Had Personal Information Compromised in May Cyberattack
Rite Aid has confirmed that the protected health information of up to 24,400 of its customers has been stolen in a cyberattack. The stolen files contained names, birth dates, addresses, prescription information, and limited insurance information. Social Security numbers and financial information were not exposed or stolen in the attack. Rite Aid said a vulnerability was exploited by the attackers to gain access to sensitive data. Rite Aid was notified about the vulnerability by a third-party vendor and a patch has now been applied to correct the vulnerability.
The vulnerability was identified on May 31, 2023, with the forensic investigation confirming data theft occurred on May 26, 2023. While Rite Aid did not disclose the name of the vendor, the timing of the attack and the nature of unauthorized access suggest this was an attack by the Clop threat group, which conducted mass attacks that exploited a zero-day vulnerability in Progress Software’s MOVEit Transfer file transfer solution.
Wake Family Eye Care Suffers Ransomware Attack
Wake Family Eye Care in Cary, NC, recently fell victim to a ransomware attack. The attack was detected on June 2, 2023, when files were discovered to have been encrypted. Systems were immediately isolated to prevent further unauthorized access and the incident was contained the same day. A third-party forensics firm was engaged to investigate and determine the extent of the breach, and while no evidence of data theft was found, it was not possible to rule out the possibility of data theft.
The review of files on the affected part of the network revealed they contained names, addresses, dates of birth, partial or full Social Security Numbers, driver’s license/passport/other government-issued ID numbers, insurance numbers, optical images, chart numbers, and related eye records. Financial information was not compromised.
Notification letters have been sent to the 14,264 individuals potentially affected by the incident.
Catholic Charities of the Archdiocese of Newark Investigating Cyberattack
Catholic Charities of the Archdiocese of Newark has confirmed that unauthorized individuals gained access to some of its computer systems. The breach was detected on May 8, 2023, and third-party cybersecurity experts were engaged to investigate and determine the nature and scope of the breach. The investigation confirmed that hackers had access to systems where protected health information was stored between April 30, 2023, and May 8, 2023. Some of the files were acquired in the attack.
The stolen files included individuals’ names, dates of birth, driver’s license information, Social Security number, medical information, and health insurance information. The review of the files is ongoing to determine how many individuals have been affected and notification letters will be sent when that process has been completed. To meet the deadline for reporting data breaches, the HHS was notified that at least 501 individuals have likely been affected. The total will be updated when the investigation is completed.
Lancaster Orthopedic Group Notifies Patients About March Cyberattack
Lancaster Orthopedic Group in Manheim Township, PA, has discovered unauthorized access to its network. The breach was detected on March 29, 2023, with the review of the affected files confirming that names, addresses, dates of birth, Social Security numbers, medical treatment information, and insurance information were potentially compromised. The breach has been reported to the HHS’ Office for Civil Rights as affecting a minimum of 500 individuals, although up to 2,000 patients may have been affected.
The post 24,400 Rite Aid Customers Had Personal Information Compromised in May Cyberattack appeared first on HIPAA Journal.