45 matches found
MphRx Minerva Access Control Error Vulnerability
MphRx Minerva is a medical data integration and interoperability platform developed by MphRx Corporation. Version MphRx Minerva V3.6.0 contains a security vulnerability related to access control. This vulnerability stems from an insecure direct object reference in the /minerva/moUser/show endpoin...
Bell Ambulance Confirms Data Breach Affecting 237,830 Individuals
Bell Ambulance disclosed a data breach impacting 237,830 individuals after unauthorized access to its network exposed personal and medical data...
EUVD-2019-8052
Malware in sbrugna...
EUVD-2024-21203
Malicious code in bioql PyPI...
FBI Warns of Health Insurance Scam Stealing Personal and Medical Data
The Federal Bureau of Investigation (FBI) has issued a warning about a scam where criminals pretend to be…...
CVE-2019-18254
BIOTRONIK CardioMessenger II: The affected products do not encrypt sensitive information while at rest. An attacker with physical access to the CardioMessenger can disclose medical measurement data and the serial number from the implanted cardiac device the CardioMessenger is paired with...
Patient Record Management System dental_pending.php File SQL Injection Vulnerability
Patient Record Management System is a medical record management system. Patient Record Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the /dentalpending.php file. An attacker can exploit...
Hard drives containing sensitive medical data found in flea market
Somebody bought a batch of 15 GB hard drives from a flea market, and during a routine check of the contents they found medical data about hundreds of patients. After some more investigation in the Netherlands, it turned out the data came from a software provider in the medical industry which had...
PT-2025-5866 · Unknown · Orthanc Dicom Server
Name of the Vulnerable Software and Affected Versions: Orthanc DICOM Server versions prior to 1.5.8 Description: The issue allows unauthorized access to medical images due to missing authentication. This exposes medical data to potential unauthorized access. Remote attackers can exploit this to...
U.S. Dept Of Defense: Air Force candidate PII + recruitment chat logs accessible via BAC/IDOR on █████████ (very large/significant exposure)
A vulnerability was discovered in a Department of Defense-owned Salesforce asset that allowed unauthorized access to sensitive personal information of Air Force candidates. The vulnerability stemmed from a misconfiguration in the Document object, which permitted an attacker to retrieve a large...
A week in security (November 25 – December 1)
Last week on Malwarebytes Labs: Printer problems? Beware the bogus help; Data broker exposes 600,000 sensitive files including background checks; Medical testing company LifeLabs failed to protect customer data, report finds; Explained: the Microsoft connected experiences controversy; Spotify, Audibl...
My TED Talks
I have spoken at several TED conferences over the years. TEDxPSU 2010: "Reconceptualizing Security"; TEDxCambridge 2013: "The Battle for Power on the Internet"; TEDMed 2016: "Who Controls Your Medical Data?" I'm putting this here because I want all three links in one place...
PT-2024-20054 · Moderna Sistemas · Modernanet Hospital Management System
Name of the Vulnerable Software and Affected Versions: Moderna Sistemas ModernaNet Hospital Management System version 2024 Description: The system is susceptible to an issue that allows unauthorized access to sensitive medical information. This is due to the handling of user data access through t...
Privacy Violating COVID Tests
A good lesson in reading the fine print: Cignpost Diagnostics, which trades as ExpressTest and offers £35 tests for holidaymakers, said it holds the right to analyse samples from seals to "learn more about human health" -- and sell information on to third parties. Individuals are required to give...
Telehealth: a new frontier in medicine—and security
Telehealth today doesn't just involve chatting with a doctor via a video-conferencing application. It's become an entire collection of rapidly developing technologies and products that includes specialized applications, wearable devices, implantable sensors, and cloud databases, many of which have...
The dangers of “connected” healthcare: predictions for 2022
For a second consecutive year, the time for Kaspersky to make its predictions for the healthcare sector comes amid the global COVID-19 pandemic. Unfortunately, the virus still dominates most aspects of our lives, and, of course, the pandemic remained the biggest and most-discussed topic in...
Ex-army admin jailed for 12 years over US military health data theft
By Deeba Ahmed. Frederick Brown, a medical data technician and admin associated with the 65th Medical Brigade of the US Army, caused millions of dollars in losses...
Design/Logic Flaw
BIOTRONIK CardioMessenger II: The affected products do not encrypt sensitive information while at rest. An attacker with physical access to the CardioMessenger can disclose medical measurement data and the serial number from the implanted cardiac device the CardioMessenger is paired with...
Hackers Cashing In On Healthcare Industry Security Weaknesses
SAN FRANCISCO – Cybercriminals are pushing boundaries in looking for new ways to cash in on the healthcare space – whether it is persuading desperate patients to download health information apps that actually infect their devices with malware, attacking hospitals with ransomware attacks or even...