MEDantex Healthcare Transcription Firm Accidentally Exposes Medical Records

MEDantex, a healthcare transcription service based in Wichita, Kansas, shut down its customer portal when it learned sensitive medical records for thousands of doctors were exposed online. Physicians can upload audio notes about their patients to a MEDantex Web portal, which is supposed to be password-protected but was found by KrebsOnSecurity to be open to […]

Cybersecurity task force addresses medical device safety

In an effort to harmonize the work being done in hospitals and by device manufacturers to address medical device vulnerabilities, Vizient has formed the Medical Device Cybersecurity Task Force. The mission of the task force is to provide leadership and facilitate collaboration to minimize the risk and cost of medical device cybersecurity by fostering standard […]

Mysterious cyber worm targets medical systems, is found on X-ray machines and MRI scanners

A newly discovered cybercriminal group is installing custom malware onto the systems of organisations in healthcare and related sectors in order to conduct corporate espionage. These targeted attacks are carried out against a small number of selected organisations as well as the supply chains which serve them, with the tactics and use of custom malware suggesting […]

Ransomware, healthcare and incident response: Lessons from the Allscripts attack

On January 18, 2018, at around 2:00 a.m. EST, the security operations center (SOC) at electronic health record (EHR) and practice management software provider Allscripts detected abnormal activity. Four hours later, the SOC started their investigation and discovered a full-blown ransomware incident due to SamSam, a family of ransomware that is known to target healthcare […]

Critical remote code execution vulnerabilities impact Natus medical devices

A set of critical vulnerabilities have been uncovered in Natus NeuroWorks software which may place medical devices connecting to the software at risk. Earlier this week, researchers from Cisco Talos said in a blog post that the vulnerabilities could not only cause services to crash but may also allow attackers to remotely execute code on medical devices. […]

Most healthcare pros believe their organizations adequately protect patient data

Most of the healthcare professionals polled remain confident regarding their own organization’s cyber security protocols despite apprehensions connected with their own healthcare information and general healthcare infrastructure, according to a Venafi survey querying 122 healthcare professionals at the HIMSS18 conference in Las Vegas. In fact, seventy-nine percent said they are concerned about the cyber security […]

Fixing Hacks Has Deadly Impact on Hospitals

Breaches of private information in hospital records are serious and expensive security events but remediating them can be deadly. That’s the conclusion of a study presented last week at the 4A Security and Compliance Conference. The data shows that the type and scale of a breach don’t have an impact on patient outcomes but that breaches […]

IoT security warning: Cyber-attacks on medical devices could put patients at risk

Poor cybersecurity in Internet of Things (IoT) medical devices potentially poses risks to both the wellbeing of patients as well as to the infrastructure that keeps hospitals running. The Royal Academy of Engineering worked alongside the Petras Internet of Things research hub to produce a report on IoT, cyber-safety, and reliance — and the message is that […]

Medical Apps Come Packaged with Hardcoded Credentials

Two popular applications for medical records management contain hidden user accounts with hard-coded credentials that could be abused by hackers, a researcher has found. Rapid7 today published a report on the newly discovered security vulnerabilities (CVE-2018-5551 and CVE-2018-5552) in DocuTrac’s electronic medical record (EMR) software QuicDoc and Office Therapy billing software. DocuTrac software runs at […]

134,000 Possibly Affected in St. Peter’s Server Data Breach

Another day and another healthcare data breach. This time unauthorized hackers gained access to St. Peter’s Surgery & Endoscopy Center (the Center) servers on January 8, 2018, according to an online statement. The potential data breach was discovered on the same day of the infiltration, the Center said. The incident “did not involve or affect […]