The American Hospital Association and FBI are urging hospitals and health systems that are Oracle customers to “immediately” fix a security flaw that cybercriminals are likely already leveraging to hack into networks.
The security gap in the Oracle E-Business Suite enterprise resource planning system allows remote access to the program without a username or password.
“This is ‘stop-what-you’re-doing and patch immediately’ vulnerability,” Brett Leatherman, assistant director of the FBI’s cyber division, posted Oct. 5 on LinkedIn. “The bad guys are likely already exploiting in the wild, and the race is on before others identify and target vulnerable systems.”
The AHA recommends that hospitals and health systems share the advisory with their cybersecurity and IT teams right away. Several news outlets reported that a ransomware group has likely used the vulnerability to steal data.
Organizations are advised to apply Oracle’s patch (and a 2023 critical patch update first); isolate or firewall certain servers or components so they aren’t network-exposed; hunt for signs of compromise; monitor threat intel feeds; and contact their local FBI field office if they’ve been hacked through this security bug.
The post Hospitals scramble to fix major Oracle vulnerability appeared first on Becker’s Hospital Review | Healthcare News & Analysis.
