HHS alerts of MOVEit Transfer critical vulnerability putting healthcare sector at risk, as Mandiant offers more detail

US healthcare organisations have been warned about a vulnerability in widely used software MOVEit Transfer, with threat intelligence firm Mandiant saying the flaw is being exploited by threat cluster UNC4857. The flaw enables the escalation of privileges giving the potential for unauthorised access. The Health Sector Cybersecurity Coordination Center has recommended that healthcare organisations take immediate steps to mitigate the issue. Initial investigations suggest that data theft could be taking place in some cases.