Health Care News, Articles and Updates

Health care software OpenEMR patched after discovery of bugs threatening patient records

A team of researchers yesterday disclosed 22 vulnerabilities in OpenEMR, a widely used medical practice management software program that supports electronic medical records, including a portal authentication bypass flaw that could have allowed users to access random patient records.

MongoDB database exposes more than 2 million Mexican patients

A MongoDB database containing the health care information of more than 2 million patients in Mexico was left exposed, revealing sensitive patient information.

Sinking feeling: Hacktivist rescued by Disney cruise ship convicted for DDoS attacks against health facilities

It was not a fairy-tale ending in court yesterday for a criminal hacktivist who had to be rescued by a Disney Cruise ship in 2016, after attempting to flee to Cuba to escape charges of attacking two health care providers.

Singapore securities investor database breached in 2013

The Securities Investors Association (Singapore) or Sias announced it suffered a breach back in 2013.

Ransomware-based breach of Alaskan medical billing vendor impacts Fairbanks municipality

A data breach and corresponding ransomware attack at an Alaskan medical billing company that compromised the health information of roughly 44,600 people counted a Fairbanks-based government municipality among its victims.

Hackers access personal data of 1.5 million SingHealth patients, including Singapore's prime minister

Singapore's largest health care group, SingHealth, acknowledged today that attackers infiltrated a company database and copied information belonging to roughly 1.5 million patients, including the country's prime minister, Lee Hsien Loong.

MedEvolve FTP server left open to web, patient data compromised

A customer of the medical practice management software firm MedEvolve had the PII of at least 15 patients, and possibly more, exposed when a file on an FTP server was left open to the internet.

NHS patients' data shared despite their objections, due to data processing error

Data that National Health Service patients in the UK specifically requested be kept private was inadvertently used in a clinical audit and research project due to a nearly three-year-long data processing error, a UK government official reported yesterday.

270,000 Med Associates records possibly compromised in data breach

Healthcare claims services provider Med Associates is notifying its patients that the facility suffered a data breach in March potentially exposing PII, including medical diagnosis and payment card information.

HealthEquity breach exposes PII of 23,000 customers

About 23,000 accounts have been compromised by a data breach that took place at HealthEquity when an employee fell for a phishing scam.

Elmcroft Senior Living suffers data breach, patient PII exposed

The personal information of Elmcroft Senior Living residents and their family members, employees and others could have been stolen in a data breach that occurred in mid-May, the Louisville, KY-based company said late Friday.

Dignity Health discloses multiple data breaches to HHS

The San Francisco-based health care facilities operator Dignity Health recently experienced an accidental email breach affecting 55,947 patients, according to a May 31 disclosure form the not-for-profit corporation filed with the U.S. Department of Health and Human Services.

Companies still finding cybersecurity problems following M&A purchases, says report

Fifty-eight percent out of 100 senior health care executives whose companies were involved in a recent merger or acquisition said in a new survey that their particular organization uncovered a cybersecurity problem with its newly annexed business after the deal was already consummated.

Baltimore-based LifeBridge Health breach impacts half a million patients

LifeBridge Health is notifying 500,000 patients that their personal information was exposed in a data breach.

Allied Physicians hit with SamSam ransomware

Allied Physicians of Michiana, Mich., reported it was hit with a SamSam ransomware attack, but was able to quickly restore its systems and the healthcare facility does not believe any patient data was compromised.

Serbian man arrested for alleged connections to Dark Overlord cyber extortion campaigns

Serbian authorities yesterday announced the arrest of a Belgrade man for his alleged affiliation with The Dark Overlord, a malicious cyber threat actor known for extorting U.S. schools, hospitals and entertainment companies, often after stealing their data or content.

The Oregon Clinic patient PHI exposed via email breach

The Oregon Clinic discovered on March 9 that an unauthorized third party had accessed an email account possibly exposing the personal health information for some of its patients.

UnityPoint data breach victims file class action lawsuit

The victims of a phishing attack targeting UnityPoint Health filed a class action lawsuit against the firm, claiming victims were falsely told their social security numbers hadn't been compromised.

Fitbit teams up with Google

Fitbit and Google have inked a deal that will have the fitness device vendor upload data to Google's Cloud Healthcare API so it can be made accessible by healthcare providers.

Ransomware exposes records of 85,000 Center for Orthopaedic Specialists patients

California's Center for Orthopaedic Specialists (COS) last week disclosed that its three facilities were affected by a ransomware attack on a third-party system that allowed adversaries to access patient data and encrypt it for the purposes of extortion.

Newcomer cybergang Orangeworm targeting healthcare sector

The healthcare industry is under attack by a new cybergang named Orangeworm, which is striking with the Kwampirs backdoor.

FDA pushes for medical devices to include mandatory built-in update mechanisms

As researchers continue to find security flaws in medical devices and threat actors continue to target the healthcare sector, the FDA is looking to impose new security measures.

Doctors at RSA simulate emergency overdose caused by hacked medical pump

Doctors at RSA on Thursday presented a riveting simulation of a health care emergency caused by a medical device hack -- showing that physicians' trust in the integrity of their equipment can be misplaced.

Texas Health Resources' patient information exposed in October 2017 email compromise

Texas Health Resources, a nonprofit health care delivery system in north Central Texas, has disclosed that an unauthorized party may have gained access to patient information back in October 2017 by compromising some of the organization's email accounts.

Medical supplier Inogen hit with breach, 30,000 possibly affected

A California-based medical device manufacturer reported that 30,000 former and current customers may have had their personal information exposed when a company employee's email account was compromised.

GAO report recommends stronger security controls for third parties that receive Medicare beneficiary data

The U.S. Government Accountability Office (GAO) last week publicly released a report warning that the Centers for Medicare and Medicaid Services (CMS) has failed to provide specific security controls guidance to research organizations with whom it shares Medicare beneficiary data.

Natus reportedly updates EEG device software to squash RCE, DoS bugs

Health care device manufacturer Natus Medical Incorporated has reportedly updated the software used in its Xltek EEG products, which monitor brain activity, after a researcher discovered five vulnerabilities that a remote, unauthenticated attacker could exploit to trigger code execution or a denial of service condition.