Welcome to the June 2025 MEDITECH Customer Security Newsletter, where we provide you with information and resources to give you insight on security challenges facing your organization and the healthcare community as a whole. Here we endeavor to provide some good information to help you improve your organization's security posture. This data has been gleaned from the review of public records on file with CISA, H-ISAC and Health Sector Cybersecurity Coordination Center (HC3) alerts. Please note the Talk To Us section, as we would like to tailor future editions of the newsletter to address specific concerns.
Known Exploited Vulnerabilities
From May 12, 2025 until the writing of this bulletin, there have been 29 known exploited vulnerabilities added to CISA's list . They are CVE-2025-47729, CVE-2025-32709, CVE-2025-30397, CVE-2025-32706, CVE-2025-32701, CVE-2025-30400, CVE-2025-32756, CVE-2025-42999, CVE-2024-12987, CVE-2023-38950, CVE-2024-27443, CVE-2025-27920, CVE-2024-11182, CVE-2025-4428, CVE-2025-4427, CVE-2025-4632, CVE-2021-32030, CVE-2025-3935, CVE-2025-35939, CVE-2024-56145, CVE-2023-39780, CVE-2025-21479, CVE-2025-21480, CVE-2025-27038, CVE-2025-5419, CVE-2024-42009, CVE-2025-32433, CVE-2025-33053, and CVE-2025-24016.
All of these additions are based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risks. When looking at the catalog, the CVEs are listed from most recently added by default and the list may be manipulated by using the provided filters. This list was most recently reviewed on June 13, 2025.
Vulnerabilities for Hospitals to Watch Out For
These significant vulnerabilities have been shown to have been weaponized in May and June 2025. Intelligence indicates a high degree of caution for hospital infrastructures.
- CVE-2025-33053 (HIGH): Remote code execution (RCE) targeting WebDAV
- CVE-2025-33073 (HIGH): Client elevation of privilege targeting Windows SMB
- CVE-2025-47162 (HIGH), CVE-2025-47164 (HIGH), CVE-2025-47167 (HIGH), and CVE-2025-47953 (HIGH): RCEs targeting Microsoft Office
- CVE-2025-32717 (HIGH): RCE targeting Microsoft Office
- CVE-2025-32710 (HIGH): RCE targeting Windows Remote Desktop Services
- CVE-2025-29828 (HIGH): RCE targeting Windows Cryptographic Services
- CVE-2021-34470 (HIGH): Elevation of privilege targeting Microsoft Exchange Server
- CVE-2025-32433 (HIGH): Elevation of privilege over the network targeting Windows Netlogon
News
SAFECOM and National Council of Statewide Interoperability Coordinators (NCSWIC) develop Artificial Intelligence in Emergency Communications Centers Infographic
Given the persistent staffing and operational challenges facing Emergency Communication Centers (ECCs, also known as 911 centers), Artificial Intelligence (AI) is being increasingly considered as a crucial tool to enhance daily operations, improve efficiency, and bolster cybersecurity in emergency services.
Health-ISAC Heartbeat flags surge in ransomware, VPN exploits across healthcare systems
On June 10, 2025, H-ISAC linked an article discussing the upward trend of ransomware incidents in the fourth quarter of 2024 and first quarter of 2025.
Additional Resources
- HHS 405(d) Aligning Health Care Industry Security Approaches - The 405(d) Program and Task Group is a collaborative effort between industry and the federal government, which aims to raise awareness, provide vetted cybersecurity practices, and move healthcare organizations towards consistency in mitigating the current most pertinent cybersecurity threats to the sector. Their website provides the latest resources and information as well as an opportunity for involvement.
- Helpful resources CISA has provided can be found on the following pages:
Talk to us!
We at MEDITECH would love to hear your feedback about this newsletter and we’d like to know what is on your mind. Is there something you would like us to address?
We also have a question for you that is important to us. What are your largest concerns or security hopes for 2024?
Please let us know by contacting us!
Until next time, stay alert out there!