Urgent Patching Required to Fix Actively Exploited Cisco Flaws

Posted by Steve Alder

Threat actors are actively exploiting multiple Cisco vulnerabilities for which patches were previously issued in August; however, attacks are ongoing, including attacks on devices that have been improperly patched.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a cybersecurity alert this week about two critical Cisco vulnerabilities – CVE-2025-30333 and CVE-2025-20362 – affecting Cisco Adaptive Security Appliances (ASA) and Firepower devices. The vulnerabilities affect devices running Cisco Secure ASA Software or Cisco Secure FTD Software and have CVSS v3.1 base scores of 9.9 and 9.8. The vulnerabilities can be exploited by sending specially crafted HTTP requests to a vulnerable web server on a device.

Cisco issued patches to fix the vulnerabilities in August this year, warning that hackers could exploit the flaws to execute commands at a high privilege level. The flaws allow threat actors to access restricted URL endpoints that should be inaccessible without authentication. By exploiting the flaws, attackers can execute code on vulnerable devices. If the vulnerabilities are chained, an attacker can gain full control of the devices. At the time the patches were issued, Cisco warned that the vulnerabilities had already been exploited as zero-days in the ArcaneDoor campaign, which exploited two other flaws.

While many organizations applied the patches and believed they were protected against exploitation, in some cases, the patches were applied without updating the minimum software version, leaving the organizations vulnerable to exploitation. “In CISA’s analysis of agency-reported data, CISA has identified devices marked as ‘patched’ in the reporting template, but which were updated to a version of the software that is still vulnerable to the threat activity outlined in the [Emergency Directive], explained CISA in the alert. “CISA recommends all organizations verify the correct updates are applied.” CISA has published guidance on patching the two vulnerabilities and warned that immediate patching is required, including on devices that are not exposed to the Internet.

The post Urgent Patching Required to Fix Actively Exploited Cisco Flaws appeared first on The HIPAA Journal.

MedQ Agrees to Settlement to Resolve Ransomware Attack Lawsuit

Posted by Steve Alder

MedQ Inc., an administrative service provider serving the healthcare industry, has agreed to settle class action litigation over a December 2023 ransomware attack that affected 54,725 individuals.

A ransomware group accessed its network and deployed ransomware on or around December 26, 2023. The investigation confirmed unauthorized access to its network from December 20, 2023, and the exfiltration of data from its network. The stolen data included names, dates of birth, health information, health insurance information, Social Security numbers, and driver’s license numbers. Complimentary credit monitoring services were offered, but that was not sufficient to prevent several class action lawsuits.

Five lawsuits were filed in response to the data breach by plaintiffs Sharon Klepper, Shelby D. Franklin, Cheri Ramey, Jana Harrison, and Debra Everett, individually and on behalf of similarly situated individuals. The lawsuits had overlapping claims and were consolidated into a single action – Klepper, et al. v. MedQ, Inc. – in the District Court of Oklahoma County, Oklahoma, on May 13, 2024.

MedQ disagreed with all claims in the lawsuit and maintains there was no wrongdoing or liability. MedQ filed a motion to dismiss, and in the motion to dismiss briefing, all parties decided to explore early resolution of the action and scheduled mediation on December 20, 2024. Following a second attempt at mediation on April 25, 2025, the material terms of a settlement were agreed upon by all parties. The terms of the settlement have now been agreed and have received preliminary approval from the court.

The settlement provides class members with two years of three-bureau credit monitoring services, which include dark web monitoring, public records monitoring, medical identity monitoring, and identity theft insurance. In addition, class members may choose one of two cash benefits. A claim may be submitted for reimbursement of documented, unreimbursed losses due to the data breach up to a maximum of $5,000 per class member, plus a cash payment of up to $90 as compensation for lost time (up to 3 hours at $30 per hour) on tasks related to the data breach, such as changing passwords, investigating accounts, and researching the data breach.  Alternatively, class members may claim a one-time cash payment of $50.

The deadline for objection to and exclusion from the settlement is December 1, 2025. The deadline for submitting a claim is December 15, 2025, and the final fairness hearing has been scheduled for December 18, 2025.

The post MedQ Agrees to Settlement to Resolve Ransomware Attack Lawsuit appeared first on The HIPAA Journal.