128 matches found
Biometrics, diagnoses, and bank details exposed in major healthcare breach
NYC Health + Hospitals NYC H+H posted a data breach notice about a months‑long breach via a third‑party vendor that exposed highly sensitive patient and employee data for at least 1.8 million people, including medical records, government IDs, geolocation data, and even fingerprint and palm‑print...
Support platform breach exposes Hims & Hers customer data
Healthcare companies handle some of the most personal data imaginable. That makes them a magnet for hackers. And when those companies outsource their customer support to third-party platforms, every one of those platforms becomes another door someone can try to kick in. Telehealth giant Hims & He...
HmEditor 代码问题漏洞
HmEditor is an intelligent medical electronic health record editor developed under open source by huimeicloud. Versions of HmEditor 2.2.3 and earlier contained code vulnerabilities. These vulnerabilities stemmed from incorrect handling of the parameter url in the client.get function of the...
CVE-2026-2991
The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 4.1.2. This is due to the patientSocialLogin function not verifying the social provider access token before authenticating a user. This makes it...
EUVD-2026-16050
OpenEMR is a free and open source electronic health records and medical practice management application. A Broken Access Control vulnerability in OpenEMR up to and including version 8.0.0.3 allows low-privilege users to view and download Ensora eRx error logs without proper authorization checks...
EUVD-2026-16042
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 have a missing authorization check in portal/sign/lib/show-signature.php that allows any authenticated patient portal user to retrieve the drawn signature image of an...
EUVD-2026-12838
The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 4.1.2. This is due to the patientSocialLogin function not verifying the social provider access token before authenticating a user. This makes it...
CVE-2026-2991 KiviCare – Clinic & Patient Management System (EHR) <= 4.1.2 - Unauthenticated Authentication Bypass via Social Login Token
The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 4.1.2. This is due to the patientSocialLogin function not verifying the social provider access token before authenticating a user. This makes it...
PT-2026-26070
Name of the Vulnerable Software and Affected Versions KiviCare – Clinic & Patient Management System EHR plugin for WordPress versions up to and including 4.1.2 Description The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is susceptible to Authentication Bypass. This occu...
OpenEMR 安全漏洞
OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0 contained security...
CVE-2025-70063
The 'Medical History' module in PHPGurukul Hospital Management System v4.0 contains an Insecure Direct Object Reference IDOR vulnerability. The application fails to verify that the requested 'viewid' parameter belongs to the currently authenticated patient. This allows a user to access the...
CVE-2025-70063
The 'Medical History' module in PHPGurukul Hospital Management System v4.0 contains an Insecure Direct Object Reference IDOR vulnerability. The application fails to verify that the requested 'viewid' parameter belongs to the currently authenticated patient. This allows a user to access the...
Are we ready for ChatGPT Health?
How comfortable are you with sharing your medical history with an AI? I’m certainly not. OpenAI’s announcement about its new ChatGPT Health program prompted discussions about data privacy and how the company plans to keep the information users submit safe. ChatGPT Health is a dedicated “health...
CVE-2025-4596
Asseco ADMX system is used for processing medical records. It allows logged in users to access medical files belonging to other users through manipulation of GET arguments containing document IDs. This issue has been fixed in 6.09.01.62 version of ADMX...
CVE-2025-4596
CVE-2025-4596 affects the Asseco ADMX system (Asseco AMDX) used for processing medical records. The issue is an information disclosure via IDOR-like access: authenticated users can view medical files belonging to other users by manipulating GET parameters containing document IDs. Root cause: impr...
CVE-2025-4596 Information disclosure via IDOR in Asseco AMDX
Asseco ADMX system is used for processing medical records. It allows logged in users to access medical files belonging to other users through manipulation of GET arguments containing document IDs. This issue has been fixed in 6.09.01.62 version of ADMX...
CVE-2025-4596 Information disclosure via IDOR in Asseco AMDX
Asseco ADMX system is used for processing medical records. It allows logged in users to access medical files belonging to other users through manipulation of GET arguments containing document IDs. This issue has been fixed in 6.09.01.62 version of ADMX...
OpenAI Launches ChatGPT Health with Isolated, Encrypted Health Data Controls
Artificial intelligence AI company OpenAI on Wednesday announced the launch of ChatGPT Health, a dedicated space that allows users to have conversations with the chatbot about their health. To that end, the sandboxed experience offers users the optional ability to securely connect medical records...
EUVD-2020-4352
Malware in sbrugna...
EUVD-2022-34938
Malicious code in bioql PyPI...