-
MDRAddress the growing frequency, type, and severity of cyber threats against SMB endpoints
-
SIEMCentralize threat visibility and analysis, backed by cutting-edge threat intelligence
-
Risk Assessment & Vulnerability ManagementIdentify unknown cyber risks and routinely scan for vulnerabilities
-
Identity ManagementSecure and streamline client access to devices and applications with strong authentication and SSO
-
Cloud App SecurityMonitor and manage SaaS security risks for the entire Microsoft 365 environment.
-
SASEZero trust secure access for users, locations, and devices
-
Enterprise-grade SOCProvide 24/7 threat monitoring and response backed by proprietary threat research and intelligence and certified cyber experts
-
Policy ManagementCreate, deploy, and manage client security policies and profiles
-
Incident Response ServiceOn-tap cyber experts to address critical security incidents
-
Cybersecurity GlossaryGuide to the most common, important terms in the industry
02/27/2024
ConnectWise Addresses ScreenConnect Vulnerability and Clarifies Connection to Change Healthcare Incident
February 27, 2024 – We emphasize that ConnectWise is unaware of any confirmed connection between the ScreenConnect vulnerability disclosed on February 19th, 2024, and the incident at Change Healthcare.
Our internal reviews have yet to identify Change Healthcare as a ScreenConnect customer, and none of our extensive network of managed service providers have come forward with any information regarding their association with Change Healthcare.
As typical examples, cyberattacks can occur through numerous avenues, including vulnerabilities, phishing, and business email compromise. While usually used for IT service delivery and product support, attackers can misuse remote control tools to facilitate malicious activities.
ConnectWise continuously collaborates with the IT community and ecosystem, especially during challenging periods like this. We welcome the opportunity to collaborate with any cyber researcher who claims to know this situation. Security remains a top priority for ConnectWise, and our prompt response showcases our commitment to mitigating the ScreenConnect vulnerability. Here is a summary of the timeline of events:
- On February 13th, an independent researcher reported the potential ScreenConnect vulnerability using the ConnectWise vulnerability disclosure process.
- ConnectWise mitigated all cloud instances of ScreenConnect within 48 hours.
- On February 19th, ConnectWise released an official patch for all on-prem partners, posted a security bulletin to the ConnectWise Trust Center, and sent partner comms urging all partners to patch.
- On February 19th, ConnectWise initiated contact with CISA.
- On February 21st, because cybersecurity is essential to ConnectWise and our partners, as an interim step, on-prem partners not on maintenance can update to patched ScreenConnect 22.4.20001.8817 at no additional cost.
- On February 22nd, for precautionary measures, ConnectWise paused functionality for unpatched versions of on-prem ScreenConnect until customers update to a patched version.
- ConnectWise strongly recommends all on-prem partners be on maintenance and upgrade to 23.9.8 or later.
As a reminder, we recommend companies using on-prem software to patch regularly and update their software.
Welcome to the ConnectWise newsroom
Access the latest ConnectWise press releases, media coverage & more
For all media inquiries, please email PR@ConnectWise.com
About ConnectWise:
ConnectWise is the world's leading software company dedicated to the success of IT solution providers (TSPs) through unmatched software, services, community, and marketplace of integrations. ConnectWise offers an innovative, integrated, and security-centric platform—Asio™—which provides unmatched flexibility that fuels profitable, long-term growth for partners. ConnectWise enables TSPs to drive business efficiency with automation, IT documentation, and data management capabilities and increase revenue with remote monitoring, cybersecurity, and backup and disaster recovery technologies. For more information, visit connectwise.com.