196 matches found
NHS Dumfries and Galloway Faces Cyberattack, Patient Data at Risk
By Waqas Another day, another healthcare-related cyber attack putting already vulnerable individuals at risk. This is a post from HackRead.com Read the original post: NHS Dumfries and Galloway Faces Cyberattack, Patient Data at Risk...
OpenClinic GA Security Vulnerability
OpenClinic GA is an open source hospital information management system. The system supports financial management, clinical management and laboratory management. A security vulnerability exists in OpenClinic GA version 5.247.01, which stems from allowing patient lists to be retrieved via a query...
Exploit for Deserialization of Untrusted Data in Nextgen Mirth_Connect
RCE vulnerability in Mirth Connect CVE-2023-37679 and CVE-202...
Exploit for Command Injection in Nextgen Mirth_Connect
RCE vulnerability in Mirth Connect CVE-2023-37679 and CVE-202...
How to comply with HIPAA requirements
Understanding the Grounds of HIPAA Let's take a deep dive into understanding the broad structure and intent behind the Act for the Secure Management and Duty of Patient Data ASMDPD, a landmark piece of legislation that has deeply transformed the healthcare sector since its inception at the turn o...
Safeguarding Patient Health Data Means Balancing Access and Security
Increased access to health data can leave providers and insurers vulnerable to data breaches, so it’s vital to invest in cybersecurity that can protect networks...
Exploit for Cross-site Scripting in Phpgurukul Hospital_Management_System
CVE-2023-7173: Stored Cross-Site Scripting XSS in Hospital M...
Tampa General Hospital half thwarts ransomware attack, but still loses patient data
The Tampa General Hospital TGH has promised to reach out to individuals whose information has been stolen by a ransomware group. In a cybersecurity notice, TGH said it noticed unusual activity on its computer systems on May 31, 2023. "Fortunately, TGHs monitoring systems and experienced technolog...
CVE-2022-47376
The Alaris Infusion Central software, versions 1.1 to 1.3.2, may contain a recoverable password after the installation. No patient health data is stored in the database, although some site installations may choose to store personal data...
BD Alaris Infusion Central 安全漏洞
BD Alaris Infusion Central is an infusion solution from Biddy Medical BD USA. It helps staff to check and manage infusions on the ward from a computer or tablet. A security vulnerability exists in BD Alaris Infusion Central versions 1.1 through 1.3.2, which stems from a recoverable password that...
PT-2023-15291 · Bd · Alaris Infusion Central
Name of the Vulnerable Software and Affected Versions: Alaris Infusion Central software versions 1.1 to 1.3.2 Description: The issue concerns a recoverable password that may be present after the installation of the software. It is noted that no patient health data is stored in the database by...
HIMSS 2023 Conference recap
HIMSS 2023, the largest annual healthcare technology conference, was a great success. The conference highlighted the importance of compliance, data privacy, and cyber security for healthcare organizations. With the increasing use of electronic systems and devices, protecting patient data has beco...
Why Healthcare Can't Afford to Ignore Digital Identity
Investing in digital identity can improve security, increase clinical productivity, and boost healthcare's bottom line. — b y Gus Malezis, CEO of Imprivata Digitalization has created immeasurable opportunities for businesses over the past two decades. But the growth of hybrid work and expansion o...
Telehealth Sites Put Addiction Patient Data at Risk
New research found pervasive use of tracking tech on substance-abuse-focused health care websites, potentially endangering users in a post-Roe world...
CVE-2022-41627
The CVE-2022-41627 issue affects AliveCor’s KardiaMobile IoT device: the data-over-sound channel has no encryption, enabling an attacker in close proximity (less than 5 feet) to read ECG results or trigger a DoS by emitting matching audio frequencies. The vulnerability is tied to the IoT device’s...
CVE-2022-37461
Multiple cross-site scripting XSS vulnerabilities in Canon Medical Vitrea View 7.x before 7.7.6 allow remote attackers to inject arbitrary web script or HTML via 1 the input after the error subdirectory to the /vitrea-view/error/ subdirectory, or the 2 groupID, 3 offset, or 4 limit parameter to a...
PT-2022-24013 · Canon Medical · Canon Medical Vitrea View
Name of the Vulnerable Software and Affected Versions: Canon Medical Vitrea View versions 7.x through 7.7.5 Description: Multiple cross-site scripting XSS vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the input after the error subdirectory to the...
PT-2022-24184 · Cms8000 · Cms8000
Name of the Vulnerable Software and Affected Versions: CMS8000 devices affected versions not specified Description: The issue concerns multiple globally default credentials existing across all CMS8000 devices. If these credentials are exposed, a threat actor with momentary physical access can gai...
Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor 信任管理问题漏洞
The Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor is a vital signs patient monitor from Contec Health. The Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor suffers from a trust management issue vulnerability that stems from the presence of multiple global defaul...
For Ransomware Double-Extorters, It's All About the Benjamins — and Data From Healthcare and Pharma
Welcome to the second installment in our series looking at the latest ransomware research from Rapid7. Two weeks ago, we launched "Pain Points: Ransomware Data Disclosure Trends", our first-of-its-kind look into the practice of double extortion, what kinds of data get disclosed, and how the...