Urgent: Ivanti EPMM Vulnerabilities Under Active Exploitation – Health ISAC Warns

Security teams are scrambling to address newly discovered critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) as reports surface of active exploitation attempts. The Health Information Sharing and Analysis Center (Health ISAC) has issued a stark warning, urging organizations using Ivanti EPMM to prioritize patching and heightened monitoring. This breaking news impacts organizations relying on this mobile device management solution, and demands immediate attention for SEO and Google News visibility.

What’s Happening with Ivanti EPMM?

Researchers have identified two critical vulnerabilities within Ivanti EPMM. While the initial activity was highly targeted, affecting a limited number of users before public disclosure, the Health ISAC reports the vulnerability is now being actively exploited. Errol Weiss, security chief at Health ISAC, emphasized the urgency, stating, “This vulnerability is being actively exploited and any organization using Ivanti EPMM should treat it as an urgent patch and monitor it closely.”

Why This Matters to Healthcare (and Beyond)

The Health ISAC’s alert is particularly significant given the recent surge in cyberattacks targeting the healthcare sector. According to recent reports, healthcare cyberattacks surged by 55% in 2025. Weiss further noted that even with a low threat potential, affected systems are often “mission-critical,” making rapid remediation and increased vigilance essential. This underscores the potential for significant disruption, even if the initial attack surface appears small.

What Should You Do Now?

Organizations currently utilizing Ivanti EPMM should take the following steps immediately:

• Prioritize Patching: Apply any available security patches for Ivanti EPMM as quickly as possible.
• Enhanced Monitoring: Implement increased monitoring of systems utilizing Ivanti EPMM to detect any suspicious activity.
• Targeted Information: The Health ISAC has identified a small number of potentially exposed organizations and is providing them with targeted information and mitigation tips. Organizations should proactively check for communications from the Health ISAC.

The landscape of cybersecurity threats is constantly evolving, and the healthcare industry remains a prime target. Staying informed about vulnerabilities like those in Ivanti EPMM, and acting swiftly to mitigate risk, is no longer optional – it’s a necessity. Archyde.com will continue to provide updates on this developing situation and offer insights into the broader cybersecurity challenges facing organizations today.