The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

HC3 Warns of Threat of Unauthorized Remote Access via ScreenConnect Tool

Posted By on Jan 23, 2024

The ScreenConnect remote access tool has been abused by a threat actor to gain access to the networks of organizations in the healthcare and public health (HPH) sector. According to a sector alert from the Health Sector Cybersecurity Coordination Center (HC3), between October 28 and November 8, 2023, an unknown threat actor abused a locally hosted ScreenConnect instance to gain remote access to victims’ networks.

Once access was gained, the threat actor installed further remote access tools including SecureConnect and AnyDesk instances to allow persistent access to victims’ networks. Researchers at the cybersecurity company Huntress identified two attacks on distinct healthcare organizations and the threat actor’s activity suggests network reconnaissance was being conducted in preparation for attack escalation.

On November 14, the vendor of ScreenConnect said the threat actor gained access to an unmanaged on-premises instance of ScreenConnect that had not been updated since 2019. The ScreenConnect vendor said the organizations affected had gone against recommended best practices. In the attack, the threat actor leveraged local ScreenConnect instances used by the pharmacy supply chain and management systems solution provider Transaction Data Systems (now Outcomes). The company makes Rx30 and ComputerRx software that is used by pharmacies in all 50 states. The Huntress researchers have not been able to determine the impact of the attack, but say it could be substantial.

HC3 has provided Indicators of Compromise (IoCs) associated with the attack and advises all clients of the pharmacy supply chain and management systems solution provider to take immediate action and examine their systems and networks for the IoCs. If any of the IoCs are identified they should be taken seriously and warrant a prompt and thorough investigation and comprehensive breach response.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

According to HC3, the compromised endpoints used an unmanaged instance of a Windows Server 2019 system and organizations should take concerted steps to safeguard their infrastructure. HC3 recommends implementing enhanced endpoint monitoring solutions, robust cybersecurity frameworks, and engaging n proactive threat hunting to mitigate potential threat actors’ intrusions.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist