Hack Attack: Hospital Manager Backend Services Vulnerability Exposes Sensitive Data
Attention all healthcare cyberspace defenders: Before September 19, 2025, Vertikal Systems’ Hospital Manager Backend Services was about as secure as a screen door on a submarine. View CSAF for more details on how unauthorized users could access sensitive information and how to stay protected.
Hot Take:
In a shocking revelation, Vertikal Systems’ Hospital Manager Backend Services was found to be more open than a 24/7 convenience store, serving up sensitive information to any cyber hooligan who knew where to look. But fret not, dear healthcare warriors! The vulnerabilities have been patched, and your sensitive data is now safer than a cat in a tree. Just remember, the only thing that should be exposed in a hospital is the patient file, not the backend.
Key Points:
– Hospital Manager Backend Services had vulnerabilities allowing unauthorized access to sensitive data.
– CVE-2025-54459 and CVE-2025-61959 were the culprits, scoring 8.7 and 6.9 on the CVSS v4 scale respectively.
– The vulnerabilities were exploitable remotely with low attack complexity.
– Vertikal Systems fixed the issues by September 19, 2025.
– No known public exploitation of these vulnerabilities has been reported.