HAPI FHIR: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint
All implementations of FHIRPathEngine accept arbitrary FHIRPath expressions and evaluate them without input validation. The FHIRPath functions matches, matchesFull, and replaceMatches pass user-controlled regular expressions directly to Java's Pattern.compile and String.replaceAll without...
The Conduent breach; from 10 million to 25 million (and counting)
The Conduent breach has quietly grown into one of the biggest third‑party data incidents in US history, and the real story now is how many different programs and employers are swept up in it, even for people who have never heard of Conduent. When we first covered this incident, public filings...
CVE-2025-67752 OpenEMR Has Disabled SSL Certificate Verification in HTTP Client
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 7.0.4, OpenEMR's HTTP client wrapper oeHttp/oeHttpRequest disables SSL/TLS certificate verification by default (verify: false), making all external HTTPS connections vulnerable ...
C-AAE: Compressively Anonymizing Autoencoders for Privacy-Preserving Activity Recognition in Healthcare Sensor Streams
Wearable accelerometers and gyroscopes encode fine-grained behavioural signatures that can be exploited to re-identify users, making privacy protection essential for healthcare applications. We introduce C-AAE, a compressive anonymizing autoencoder that marries an Anonymizing AutoEncoder (AAE) with...
Differential Privacy-Driven Framework for Enhancing Heart Disease Prediction
With the rapid digitalization of healthcare systems, there has been a substantial increase in the generation and sharing of private health data. Safeguarding patient information is essential for maintaining consumer trust and ensuring compliance with legal data protection regulations. Machine...
UnitedHealth almost doubles victim numbers from massive Change Healthcare data breach
UnitedHealth says it now estimates that the data breach on its subsidiary Change Healthcare affected 190 million people, nearly doubling its previous estimate from October. In May, UnitedHealth CEO Andrew Witty estimated that the ransomware attack compromised the data of a third of US individuals...
Using Electronic Health Records (EHRs) for Healthcare Data Extraction
Electronic health records (EHRs) have become crucial tools for storing and managing patient information. These digital records contain…...
Critical Flaw in NextGen's Mirth Connect Could Expose Healthcare Data
Users of Mirth Connect, an open-source data integration platform from NextGen HealthCare, are being urged to update to the latest version following the discovery of an unauthenticated remote code execution vulnerability. Tracked as CVE-2023-43208, the vulnerability has been addressed in version...
Database Mess Up: 7TB of Healthcare Data Leak Affects 12 Million Patients
By Deeba Ahmed Yet another day, more unprotected data left in the Cloud without password or security measures. This is a post from HackRead.com Read the original post: Database Mess Up: 7TB of Healthcare Data Leak Affects 12 Million Patients...
PT-2023-27296 · Softneta · Meddream Pacs
Name of the Vulnerable Software and Affected Versions: Softneta MedDream PACS affected versions not specified Description: The issue concerns a lack of authentication check in the affected product, leading to the performance of dangerous functionality. This could result in unauthenticated remote...
Nightscout Web Monitor Cross-Site Scripting Vulnerability
Nightscout Web Monitor is an open source web monitor for healthcare that allows multiple caregivers to remotely view a patient's blood glucose data in real time. A security vulnerability exists in Nightscout Web Monitor a.k.a. cgm-remote-monitor 14.2.2 that allows XSS via a crafted x - forward -...
Securing Privileged Access Within Healthcare Orgs
Healthcare organizations have always been high-value targets for cybercriminals, as their networks store large volumes of personally identifiable information (PII) including Social Security numbers, dates of birth, addresses and very sensitive personal health data. Since the beginning of the COVID-...
45 Million Medical Images Left Exposed Online
More than 45 million medical images—and the personally identifiable information (PII) and personal healthcare information (PHI) associated with them–have been left exposed online due to unsecured technology that’s typically used to store, send and receive medical data, new research has found. A team...
A week in security (September 28 – October 4)
Last week on Malwarebytes Labs, we dug into what happens when card fraud comes calling, we gave a rundown on some novel ransomware attacks that took advantage of smart coffee makers, and we introduced VideoBytes, our new, monthly series in which we'll provide video coverage of some of the...
A week in security (December 30 – January 5)
Last week on Malwarebytes Labs, we took a dive into edge computing, looked at new web skimmer techniques, and rolled our eyes at silly people doing silly things. Other cybersecurity news: Stills and chills: A Reddit user notices their security camera is grabbing stills from other people’s devices...
ThreatList: Healthcare Breaches Spike in October
October experienced a 44.44 percent month-over-month increase in healthcare data breaches, resulting in 661,830 healthcare records exposed or stolen during the month. That’s according to the Health and Human Services (HHS) Office for Civil Rights’ monthly report reported via HIPAA Journal. The...
Google's Plan to Crunch Health Data on Millions of Patients Draws Fire
Tech behemoth Google is using artificial intelligence to reportedly slice and dice personal healthcare details on millions of Americans. That has some researchers diagnosing the company with HIPAA violations and prescribing regulatory controls as a remedy. And, at least one federal regulator is...
Study: Ransomware, Data Breaches at Hospitals tied to Uptick in Fatal Heart Attacks
Hospitals that have been hit by a data breach or ransomware attack can expect to see an increase in the death rate among heart patients in the following months or years because of cybersecurity remediation efforts, a new study posits. Health industry experts say the findings should prompt a large...
Anthem, Apple and the Pentagon: A Data-Breach Cornucopia
Like pumpkin spice and turning leaves, data breaches have become a theme for the fall. This season is shaping up to be no exception, with Anthem, Apple and, worryingly, the Pentagon all making headlines in the last few days. It is, of course, part of the “new normal” as cyberattackers continue to...
Boys Town Healthcare Data Breach Exposed Personal Details of Patients
Another day, another data breach! This time, sensitive and personal data of hundreds of thousands of people at Boys Town National Research Hospital have been exposed in what appears to be the largest ever reported breach by a pediatric care provider or children's hospital. According to the U.S...