Orthanc Server Vulnerability Poses Risk to Medical Data

A critical vulnerability has been disclosed in Orthanc, an open-source DICOM server widely used in healthcare settings. Because it is a missing-authentication weakness rather than a memory-safety bug, no exploit is needed: an exposed server simply answers requests from anyone who can reach it. That could expose sensitive medical data and disrupt healthcare operations, posing a significant threat to patient privacy and system integrity.

The vulnerability, identified as CVE-2025-0896, affects Orthanc versions prior to 1.5.8. Orthanc stores and manages medical images and exposes them through an HTTP REST API and a web interface. In affected versions the default configuration does not enable HTTP basic authentication when remote access is allowed, so the HTTP interface accepts requests from any host that can reach it.

This oversight allows unauthorized users to read, and through the REST API also modify or delete, the sensitive data such a server holds, including medical images and the patient identifiers embedded in their DICOM metadata. The vulnerability was disclosed by cybersecurity researchers, who noted that the lack of authentication could lead to severe consequences such as data breaches and privacy violations.

The Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory on February 6, 2025, urging healthcare organizations to take immediate action to mitigate the risk.

Their advice includes updating to the latest version (1.5.8 or later), in which authentication is enabled by default whenever remote access is allowed, and enabling HTTP authentication explicitly in the server's configuration file (orthanc.json) by setting "AuthenticationEnabled" to true and defining credentials under "RegisteredUsers". Note that an upgrade alone does not help if an existing configuration file explicitly sets "AuthenticationEnabled" to false, so the file should be checked, not just the version. Organizations are also advised to limit network exposure of Orthanc servers, ensuring they are not directly accessible from the internet, and to use firewalls and network segmentation to isolate these servers from other networks; this applies to the DICOM port as well as the HTTP port, since HTTP authentication does not protect the DICOM protocol.
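The following script is an added example, not code from the article, from CISA or from the Orthanc project. It audits an Orthanc configuration for the exposure pattern described above: remote access allowed while HTTP authentication is not in force, taking into account that the default changed in 1.5.8 and that an explicit setting overrides the default. It assumes the Orthanc option names "RemoteAccessAllowed", "AuthenticationEnabled" and "RegisteredUsers", and that the configuration is strict JSON (a real orthanc.json often contains // comments, which must be stripped before parsing). Both sample configurations are constructed for the example; the weak one sits beside its corrected form.

```python
"""Added example: audit an Orthanc configuration for the CVE-2025-0896 pattern.

Assumptions (not from the article): the configuration is strict JSON, and the
keys RemoteAccessAllowed, AuthenticationEnabled and RegisteredUsers are the
Orthanc options governing remote HTTP access and HTTP basic authentication.
"""
import json

# Constructed sample (weak): remote access is allowed and nothing is said about
# authentication. On a pre-1.5.8 server the default leaves authentication off,
# so the REST API and web UI answer anyone who can reach port 8042.
WEAK_CONFIG = """
{
  "Name": "Radiology-PACS",
  "HttpPort": 8042,
  "DicomPort": 4242,
  "RemoteAccessAllowed": true
}
"""

# Constructed sample (hardened): authentication is switched on explicitly, so
# it no longer depends on the version's default, and credentials are defined.
HARDENED_CONFIG = """
{
  "Name": "Radiology-PACS",
  "HttpPort": 8042,
  "DicomPort": 4242,
  "RemoteAccessAllowed": true,
  "AuthenticationEnabled": true,
  "RegisteredUsers": {
    "pacs-admin": "replace-with-a-long-random-secret"
  }
}
"""


def parse_version(version: str) -> tuple:
    """Turn '1.5.8' into (1, 5, 8) so that versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def effective_authentication(config: dict, version: str) -> bool:
    """Return whether HTTP authentication is actually in force.

    An explicit AuthenticationEnabled value always wins, so an old config that
    says false stays exposed after an upgrade. When the key is absent, the
    default is off before 1.5.8 and follows RemoteAccessAllowed from 1.5.8 on.
    """
    explicit = config.get("AuthenticationEnabled")
    if explicit is not None:
        return bool(explicit)
    if parse_version(version) >= (1, 5, 8):
        return bool(config.get("RemoteAccessAllowed", False))
    return False


def audit_config(text: str, version: str) -> list:
    """Return a list of findings for the given config text and Orthanc version.

    An empty list means none of the checked problems were found.
    """
    config = json.loads(text)
    findings = []
    remote = bool(config.get("RemoteAccessAllowed", False))
    auth = effective_authentication(config, version)

    if remote and not auth:
        findings.append(
            "CVE-2025-0896 exposure: RemoteAccessAllowed is true but HTTP "
            "authentication is not in force; the REST API and web interface "
            "are reachable without credentials"
        )
    if auth and not config.get("RegisteredUsers"):
        findings.append(
            "HTTP authentication is in force but RegisteredUsers is empty; "
            "define explicit credentials"
        )
    if parse_version(version) < (1, 5, 8):
        findings.append(
            f"Orthanc {version} is older than 1.5.8; upgrade so that "
            "authentication defaults to on when remote access is allowed"
        )
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        for version in ("1.5.7", "1.5.8"):
            print(f"{label} config on Orthanc {version}:")
            for finding in audit_config(cfg, version) or ["no findings"]:
                print("  -", finding)
```

Run against a server's real orthanc.json (after stripping comments) and the version reported by its /system endpoint; the weak sample produces the CVE finding on 1.5.7 and only a missing-credentials warning on 1.5.8, while the hardened sample is clean on 1.5.8. The version check matters because the same file is safe or exposed depending on which default the running binary applies.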
