Progress tells ShareFile customers to shut down storage zone controllers over security threat

Progress Software orders immediate shutdown of ShareFile Storage Zone Controllers over credible security threat.

MRAdmin
By
2 Min Read

Progress Software has ordered ShareFile customers to immediately shut down their Storage Zone Controllers while the company investigates a credible external security threat, raising concerns for healthcare organizations that rely on the platform for protected health information exchange.

The urgent advisory, issued July 10, instructs all customers using on-premises Storage Zone Controllers to power down the systems until further notice. ShareFile is widely used across the healthcare sector for secure document sharing, including the transmission of electronic protected health information (ePHI) between providers, patients, and business associates.

Storage Zone Controllers are a critical component of the ShareFile architecture, managing data storage on customer-controlled infrastructure. An attacker with access to these systems could potentially intercept or exfiltrate sensitive files, including medical records, billing documents, and clinical data.

This is not Progress Softwares first security incident affecting healthcare customers. In 2023, the company disclosed multiple critical vulnerabilities in its MOVEit file transfer software that were exploited by the Clop ransomware gang, leading to hundreds of breaches across healthcare systems nationwide. The Clop attacks on MOVEit resulted in the exposure of millions of patient records and prompted class action lawsuits against affected healthcare organizations.

Healthcare CISOs should verify whether their organizations operate ShareFile Storage Zone Controllers, immediately power down any active instances, and implement alternative secure file transfer methods until Progress provides further guidance. Organizations should also review access logs for signs of unauthorized activity and prepare incident response plans in the event that the threat escalates to a confirmed compromise.

Share This Article
Leave a Comment

Leave a Reply

Your email address will not be published. Required fields are marked *