Vulnerability in Mirth Connect


In late October, the Centre for Cybersecurity Belgium (CCB) issued an alert about a major vulnerability in NextGen Healthcare’s Mirth Connect software.

To address this vulnerability, NextGen Healthcare has provided a patch in Mirth Connect version 4.4.1.

However, it may not be realistic to upgrade all affected systems in the short term.

Therefore, Amaron is providing alternative solutions:

Restricting access to the Mirth server

While the vulnerability could be exploited via the Mirth Connect API, by default Amaron never installs Mirth servers with public access to the Mirth Connect API. Consequently, the vulnerability can only be exploited via the internal network.

Nevertheless, given the severity of the vulnerability, it is recommended that administrative access to the Mirth server be restricted through firewall rules on the local OS. Since the Mirth Connect Administrator and the Amaron MirthWatch client also use the Mirth Connect API, these rules should be targeted so that only those clients keep access.
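One way to implement such targeted rules on a Linux host, as an added example that is not Amaron's or NextGen's own tooling: it assumes the API listens on TCP 8443 (Mirth Connect's default HTTPS port; confirm it in your installation) and uses a constructed allowlist standing in for the Administrator and MirthWatch hosts.

```shell
#!/bin/sh
# Generate (and optionally apply) host-level iptables rules that allow the
# Mirth Connect API port only from an allowlist of administrator hosts.
# Assumptions, not taken from the advisory: API on TCP 8443 (Mirth's default
# HTTPS port), Linux with iptables, and a constructed sample allowlist.
set -eu

MIRTH_API_PORT="${MIRTH_API_PORT:-8443}"   # assumed default; check mirth.properties
# Constructed sample: the administrator workstation and the MirthWatch host.
# Add 127.0.0.1/32 if the Administrator is also run on the server itself.
ADMIN_HOSTS="${ADMIN_HOSTS:-10.0.5.10/32 10.0.5.20/32}"

# Print the iptables commands, one per line, without running them.
# Usage: mirth_api_rules <port> <allowed-source>...
mirth_api_rules() {
  port="$1"; shift
  # A dedicated chain inserted at the top of INPUT, so a broad ACCEPT rule
  # further down the existing ruleset cannot bypass the restriction.
  printf 'iptables -N MIRTH_API\n'
  printf 'iptables -I INPUT 1 -p tcp --dport %s -j MIRTH_API\n' "$port"
  for src in "$@"; do
    printf 'iptables -A MIRTH_API -s %s -j ACCEPT\n' "$src"
  done
  # Log, then drop, every other attempt to reach the API port so that
  # blocked connections remain visible to monitoring.
  printf 'iptables -A MIRTH_API -j LOG --log-prefix "MIRTH-API-DENY: "\n'
  printf 'iptables -A MIRTH_API -j DROP\n'
}

# "print" shows the rules for review; "apply" executes them as root.
case "${1:-}" in
  print) mirth_api_rules "$MIRTH_API_PORT" $ADMIN_HOSTS ;;
  apply) mirth_api_rules "$MIRTH_API_PORT" $ADMIN_HOSTS |
           while IFS= read -r cmd; do eval "$cmd"; done ;;
esac
```

Review the generated rules with `print` before running `apply`, and remember that the Administrator and MirthWatch hosts must be listed or they will lose access too.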

Amaron patch

Amaron has implemented and validated NextGen's patch in a specific version of the XStream library, making it usable and effective across multiple Mirth Connect versions. This way, the vulnerability can be fixed faster for our customers.

This patch can be installed for Mirth Connect versions 3.4.2 to 4.4.0, with very limited downtime.

Our customers’ ICT teams will receive a mailing with information on actions that can be taken.

While upgrading Mirth Connect to version 4.4.1 is also possible, this would require more time and have more impact, and should therefore be carefully planned.

Should you have any questions, we invite you to contact us at support@amaron.be.