Progress Software issued an emergency directive to customers running on-premises ShareFile Storage Zone Controllers, instructing them to shut down those servers immediately after the company identified what it described as a credible external security threat. The notification, sent directly by email to affected customers, targets the self-hosted variant of ShareFile — the enterprise file-sharing and collaboration platform — rather than Progress's cloud-hosted environment. For healthcare organizations that chose on-premises deployment to maintain tighter control over protected health information, the directive creates an immediate operational and compliance decision point.

What the directive says

Progress did not publicly disclose the specific nature of the threat in its customer communications, using the phrase "credible external security threat" without elaborating on the attack vector or whether active exploitation had already occurred. The shutdown instruction applies specifically to Storage Zone Controllers — the on-premises component that allows enterprises to host their own ShareFile data rather than storing files in Progress's cloud infrastructure.

That distinction matters. Organizations that store files entirely in Progress's managed cloud environment are not the stated target of the directive. But customers who chose local hosting — a configuration common among regulated industries that want data to remain within their own network perimeter — are the ones being asked to take systems offline.

Why healthcare organizations are exposed

ShareFile has a significant footprint in regulated industries, including healthcare, where its encrypted file-transfer capabilities are marketed for sharing clinical documents, referral packets, and administrative records. Healthcare customers who deployed Storage Zone Controllers in order to keep files on their own infrastructure now face a situation where that same on-premises control creates the exposure.

Shutting down a Storage Zone Controller interrupts file access for any workflow depending on that node. For practices managing referral coordination, billing document exchange, or inter-provider record sharing through ShareFile, an immediate shutdown means those workflows stop until Progress issues further guidance or a remediation path becomes available.

Healthcare organizations using the affected configuration should also evaluate whether the threat — whatever its nature — could have resulted in unauthorized access to files already stored on the controller. If protected health information resided on a compromised or targeted system, HIPAA breach-assessment obligations apply regardless of whether an exploit was confirmed. The standard is whether impermissible access cannot be ruled out, not whether it was proven.

What the situation signals about on-premises file-sharing risk

The ShareFile directive follows a pattern seen repeatedly with enterprise file-transfer and secure-messaging software: on-premises deployments of otherwise reputable platforms become high-value targets precisely because they sit at organizational boundaries and handle sensitive data. Progress itself experienced a significant prior incident with its MOVEit Transfer product in 2023, which threat actors exploited at scale across dozens of sectors including healthcare.

That history means security teams and compliance officers at healthcare organizations should treat this directive as an opportunity to audit all on-premises file-transfer components in their environment — not only ShareFile — and confirm that emergency shutdown procedures, vendor notification channels, and business-continuity fallbacks for file exchange are documented and tested. Relying on a single on-premises node for time-sensitive clinical document exchange without a continuity plan is an operational gap that incidents like this one expose quickly.

Progress has indicated it will provide further guidance; customers should monitor direct vendor communications and not rely solely on third-party reporting for remediation instructions.