Customer Security Newsletter - February 2025

Welcome to the February 2025 MEDITECH Customer Security Newsletter, where we provide information and resources that give you insight into the security challenges facing your organization and the healthcare community as a whole. Here we endeavor to provide useful information to help you improve your organization's security posture. This data has been gleaned from the review of public records on file with CISA, H-ISAC and Health Sector Cybersecurity Coordination Center (HC3) alerts. Please note the Talk To Us section, as we would like to tailor future editions of the newsletter to address specific concerns.


Known Exploited Vulnerabilities

From December 30, 2024 until the writing of this bulletin, twenty-nine known exploited vulnerabilities have been added to CISA's list. They are CVE-2018-9276, CVE-2018-19410, CVE-2020-2883, CVE-2020-11023, CVE-2020-15069, CVE-2020-29574, CVE-2022-23748, CVE-2023-48365, CVE-2024-12686, CVE-2024-21413, CVE-2024-29059, CVE-2024-40890, CVE-2024-40891, CVE-2024-41713, CVE-2024-45195, CVE-2024-50603, CVE-2024-53104, CVE-2024-55550, CVE-2024-55591, CVE-2025-0282, CVE-2025-21333, CVE-2025-21334, CVE-2025-21335, CVE-2025-23006, CVE-2025-24085, CVE-2025-0411, CVE-2025-0994, CVE-2025-21418, and CVE-2025-21391.

All of these additions are based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risks. By default, the catalog lists CVEs from most recently added, and the list can be narrowed or reordered using the provided filters. This list was most recently reviewed on February 12, 2025.


Vulnerabilities for Hospitals to Watch Out For

These significant vulnerabilities have been shown to have been weaponized in January and February 2025. Intelligence indicates that hospital infrastructures should exercise a high degree of caution.

  • CVE-2023-41332 (CRITICAL): This critical vulnerability in Microsoft SharePoint Server allows remote code execution.
  • CVE-2023-41331 (CRITICAL): Successful exploitation of this critical vulnerability in Microsoft SQL Server allows remote code execution.
  • CVE-2023-41330 (CRITICAL): This critical vulnerability in Microsoft SQL Server allows denial of service.
  • CVE-2025-21275 (HIGH): This is a zero-day vulnerability in Windows App Package Installer that allows privilege escalation.
  • CVE-2025-21333 (HIGH), CVE-2025-21334 (HIGH), CVE-2025-21335 (HIGH): These zero-day vulnerabilities in Windows Hyper-V's NT Kernel Integration VSP have been exploited in the wild.
  • CVE-2025-23006 (CRITICAL): This critical vulnerability in SonicWall SMA 1000 gateways allows remote code execution.

News

Unlocking Vulnrichment: Enriching CVE Data

On January 21, CISA highlighted its new Vulnrichment initiative to provide CVE data with more context, scoring, and analysis that goes beyond the basics. Read more here...

Cyberattacks will continue to be a challenge

On February 11, H-ISAC linked to a news article at advisory.com wherein Emily Olsen outlines the four biggest healthcare tech trends for 2025. These range from potential new regulations on artificial intelligence to the continuing challenge of cyberattacks. Read more here...


Additional Resources


Talk to us!

We at MEDITECH would love to hear your feedback about this newsletter and we’d like to know what is on your mind. Is there something you would like us to address?

We also have a question for you that is important to us. What are your largest concerns or security hopes for 2024?

Please let us know by contacting us!

Until next time, stay alert out there!