Health services company Independent Living Systems has disclosed a data breach that impacts more than 4 million individuals.
The post Data Breach at Independent Living Systems Impacts 4 Million Individuals appeared first on SecurityWeek.
Cyberattacks have exposed a myriad of vulnerabilities in our healthcare infrastructure, and will continue to do so as new and innovative medical technologies are developed.
The post How the Best CISOs Drive Operational Resilience appeared first on SecurityWeek.
Zoll Medical is notifying one million individuals that their personal information was compromised in a data breach earlier this year.
The post Zoll Medical Data Breach Impacts 1 Million Individuals appeared first on SecurityWeek.
Cerebral is informing 3.1 million individuals that their PHI was inadvertently exposed via third-party tracking technologies.
The post Cerebral Informing 3.1 Million Individuals of Inadvertent Data Exposure appeared first on SecurityWeek.
House and Senate members informed that hackers may have gained access to their sensitive personal data in DC Health Link breach.
The post Congress Members Warned of Significant Health Data Breach appeared first on SecurityWeek.
San Diego healthcare services provider Sharp HealthCare is informing patients that some of their information was compromised in a recent data breach.
A not-for-profit healthcare provider, Sharp operates multiple hospitals and facilities in San Diego County, has 19,000 employees and works with roughly 2,700 affiliated physicians.
The incident took place on January 12, when an unauthorized party gained access to a server running the Sharp.com website, the company says in a data breach notice.
According to the healthcare services provider, the unauthorized access lasted for a few hours only, but, during this time, the attackers accessed a file containing patient data.
The compromised information, the company says, includes names, payment amounts, which Sharp facilities received the payments, and Sharp identification numbers and/or invoice numbers.
Payment card data, Social Security numbers, contact information, health insurance details, birth dates, clinical information, or details about received services were not accessed.
“Additionally, this incident did not involve unauthorized access to Sharp’s medical record systems or the FollowMyHealth patient portal,” the healthcare provider says.
According to the organization, the incident only impacted Sharp patients who used the online bill payment service to pay a bill or invoice between August 12, 2021, and January 12, 2023. According to The San Diego Union Tribune, roughly 63,000 individuals were impacted.
“We have no indication that anyone’s information has been misused. However, as a precaution, we are mailing notification letters to individuals whose information was involved in this incident,” Sharp says.
Stolen personal and medical information is often shared or traded on underground hacker forums and later used by cybercriminals in phishing and other types of cyberattacks.
Related: Vulnerabilities in OpenEMR Healthcare Software Expose Patient Data
Related: Ransomware Hit 200 US Gov, Education and Healthcare Organizations in 2022
Related: Data Breach at Louisiana Healthcare Provider Impacts 270,000 Patients
The post Patient Information Compromised in Data Breach at San Diego Healthcare Provider appeared first on SecurityWeek.
Tallahassee Memorial HealthCare (TMH) has canceled procedures and is diverting some patients following a cyberattack that forced it to take some IT systems offline.
Founded in 1948, the not-for-profit community healthcare system provides acute and other types of healthcare services to a 21-county area in North Florida, South Georgia and South Alabama.
On February 3, TMH announced that, late Thursday night, it fell victim to a cyberattack that forced it to disconnect some of its IT systems and start operating under downtime protocols.
On February 5, the healthcare services provider announced that the situation had not been remedied, with all non-emergency surgical and outpatient procedures initially scheduled for February 6 being canceled and rescheduled.
TMH announced that it implemented incident response protocols immediately after discovering the incident, and that backup and downtime protocols it has in place allow it to continue to provide care to its patients.
“We are still operating under downtime procedures, which means we are using paper documentation. We apologize for any delays this may create. We practice for situations like this, and we are prepared to provide safe, high-quality care to our patients during computer system downtimes,” the healthcare provider said on Sunday.
TMH also said that an investigation into the incident was ongoing, without providing details on the type of cyberattack it experienced or on whether any personal or health information was compromised during the attack.
However, the fact that the organization was forced to disconnect some of its IT systems to contain the incident suggests that ransomware might have been involved.
SecurityWeek has emailed TMH for additional information on the incident and will update this article as soon as a reply arrives.
Related: Ransomware Hit 200 US Gov, Education and Healthcare Organizations in 2022
Related: Data Breach at Louisiana Healthcare Provider Impacts 270,000 Patients
Related: Healthcare Organizations Warned of Royal Ransomware Attacks
The post Florida Hospital Cancels Procedures, Diverts Patients Following Cyberattack appeared first on SecurityWeek.
Vulnerabilities in the OpenEMR healthcare software could allow remote attackers to steal sensitive patient data or execute arbitrary commands and take over systems.
OpenEMR is an open source software used for the management of health records. It also allows patients to schedule appointments, get in touch with physicians, and pay invoices.
Security researchers at Sonar Source identified and reported three vulnerabilities in OpenEMR, including two that can be chained to achieve remote code execution (RCE).
“A combination of these vulnerabilities allows remote attackers to execute arbitrary system commands on any OpenEMR server and to steal sensitive patient data. In the worst case, they can compromise the entire critical infrastructure,” Sonar warns.
The first of the identified issues is described as an unauthenticated arbitrary file read and exists because the OpenEMR installer does not delete itself after the installation is completed.
Because the installation process is divided into several steps, an unauthenticated attacker could abuse a user-controlled parameter to perform some of these steps (but not a complete setup).
The attacker can invoke a function to read the current theme from the database, which results in a database connection being established using attacker-controlled properties.
A MySQL statement can be used to load the contents of a file to the database table, and a modifier can be supplied so that the file is read from the client instead of the server.
“A malicious server can request the content of another file, even in response to a totally different query from the client,” Sonar notes.
This allows an unauthenticated attacker to use a rogue MySQL server to read OpenEMR files such as backups, certificates, passwords, and tokens.
Sonar also discovered that an attacker could abuse a cross-site scripting (XSS) flaw to execute JavaScript code in the victim’s browser. The attacker can upload a PHP file and exploit a local file inclusion (LFI) to achieve RCE.
The XSS exists because, when requesting a PHP file, the browser first renders the HTML code, and only then the JavaScript context, which allows the attacker to use HTML entities within an event handler.
The LFI, Sonar explains, exists because a user-controlled variable is concatenated to a path and not sanitized, which allows an attacker to upload a PHP file and use a path traversal via the LFI to execute the file.
Sonar reported the security defects in October 2022. One month later, the vendor patched all bugs by adding sessions and CSRF checks and restricting the installation process, by encoding the character ‘&’ for an HTML entity to prevent the XSS, and by sanitizing the user-controlled parameter to prevent the LFI.
OpenEMR version 7.0.0 resolves all vulnerabilities. Users are advised to update their installations as soon as possible.
Related: CSRF Vulnerability in Kudu SCM Allowed Code Execution in Azure Services
Related: Most Cacti Installations Unpatched Against Exploited Vulnerability
Related: Exploitation of Control Web Panel Vulnerability Starts After PoC Publication
The post Vulnerabilities in OpenEMR Healthcare Software Expose Patient Data appeared first on SecurityWeek.
