The NextGen Healthcare flaw is still being exploited seven months after being publicly disclosed

A vulnerability in NextGen Healthcare's Mirth Connect product, a widely used, open-source data integration platform, is being actively exploited by attackers even though it has been publicly disclosed and a patch is available, as reported by CISA. The vulnerability, CVE-2023-43208, is a 'deserialization of untrusted data' vulnerability; it was first reported in October, then updated in January. Security firm Horizon3.ai described it as an 'unauthenticated remote code execution vulnerability,' emphasizing the importance of upgrading to version 4.4.1 or later. Microsoft threat intelligence reported that China-based threat actor Storm-1175 exploited this vulnerability for initial access, potentially leading to compromise of sensitive healthcare data. Organizations are advised to patch Mirth Connect or disconnect it from the internet, though upgrading may pose integration challenges and custom patches could be in use. NextGen, the provider of the affected product, has not responded to requests for comment. Besides the exploitation of this flaw, NextGen is facing class action lawsuits following a health data breach in 2023 that affected 1 million individuals, raising concerns about the overall security practices of the healthcare provider.
https://www.bankinfosecurity.com/cisa-nextgen-healthcare-flaw-still-exploited-after-7-months-a-25287