Healthcare Providers Warned About Vulnerability in SimpleHelp Remote Access Software

Three vulnerabilities in SimpleHelp Remote Monitoring and Management (RMM) software are thought to be under active exploitation. The American Hospital Association (AHA) in conjunction with the Health Information Sharing and Analysis Center (Health-ISAC) has issued a cybersecurity advisory about the vulnerabilities and threat actor activity. Healthcare organizations have been advised to prioritize patching the vulnerabilities.

The vulnerabilities were identified by researchers at Horizon3 in December 2024 and were disclosed to SimpleHelp on January 6, 2025. Patches were released to fix the vulnerabilities on January 13, 2025, when the flaws were publicly disclosed. Within one week of the public disclosure, threat actors are thought to have started exploiting the vulnerabilities. 

Read the full article in The HIPAA Journal. Click Here

• Related Resources & News
• Potential Terror Threat Targeted at Health Sector – AHA & Health-ISAC Joint Threat Bulletin
• New Cybersecurity Policies Could Protect Patient Health Data
• CyberWire Podcast: PHP flaw sparks global attack wave
• Health-ISAC Hacking Healthcare 3-14-2025
• HSCC Aiming to Identify Healthcare Workflow Chokepoints
• New Healthcare Security Benchmark Highlights Key Investment Priorities and Risks
• Are Efforts to Help Secure Rural Hospitals Doing Any Good?
• CISA cuts $10 million annually from ISAC funding for states amid wider cyber cuts
• 2024 Health-ISAC Discussion Based Exercise Series After-Action Report
• Cobalt Strike takedown effort cuts cracked versions by 80%