A report by Censys indicates that most internet-accessible REDCap servers are outdated and vulnerable to attack, particularly by state-sponsored actors such as the China-linked group UNC6508. REDCap, a web-based platform used in medical research, is a particular target for cyberespionage, and UNC6508 has successfully compromised multiple legacy servers. Fewer than 1% of the approximately 8,500 exposed REDCap instances run the latest software version.
Nearly 30% are running a version deemed outdated, which increases their risk of compromise. Organizations using REDCap are advised to keep their systems up to date and to follow security best practices, such as separating web and database servers.