Huntress, a cybersecurity firm, has uncovered a series of unauthorized access incidents targeting multiple healthcare organizations. These incidents indicate internal reconnaissance and suggest preparation for further malicious activities. The attackers exploited a locally hosted version of ScreenConnect, a popular remote access tool. This tool is used by Transaction Data Systems, now known as Outcomes, the creators of Rx30 and ComputerRx software.
The threat actors initially gained access to the victim organizations through ScreenConnect. They then proceeded to establish a stronger foothold by installing additional remote access tools like ScreenConnect or AnyDesk. This strategy was designed to ensure persistent access to the affected environments, potentially leading to more significant security breaches. This discovery highlights the need for robust cybersecurity measures in healthcare organizations, especially concerning widely used remote access software.
Below you can watch a video that explains more about this unauthorized access.
Reach out to us on [email protected] for a free consultation or quote on getting huntress deployed to your infrastructure and workstations.
Leave a Reply