9 matches found
CVE-2025-70063
The 'Medical History' module in PHPGurukul Hospital Management System v4.0 contains an Insecure Direct Object Reference (IDOR) vulnerability. The application fails to verify that the requested 'viewid' parameter belongs to the currently authenticated patient. This allows a user to access the...
Balancing Security and Privacy: The Pivotal Role of AI in Modern Healthcare Systems
As digital threats continue to grow, organizations must find ways to enhance security while protecting user privacy. This paper explores how artificial intelligence (AI) plays a crucial role in achieving this balance. AI technologies can improve security by detecting threats, monitoring systems, an...
HASOMED Elefant Security Vulnerability
HASOMED Elefant is an exercise software from the German company HASOMED. It specializes in meeting the needs of psychotherapists, child and adolescent psychotherapists, and medical psychotherapists. A security vulnerability exists in HASOMED Elefant versions prior to 24.04.00 and Elefant Software...
Broward Breach Highlights Healthcare Supply-Chain Problems
This week’s announcement by Florida’s Broward Health System that the most intimate medical data of 1,357,879 of its patients was breached in the fall should serve as a warning that the healthcare software supply chain will be a juicy target for cybercriminals as we head into 2022, researchers war...
Ransomware Gang Collects Data from Blood Testing Lab
Apex Laboratory, which provides blood work at home for patients in New York City, Long Island and South Florida, has been hit with a ransomware attack that also resulted in patient data being stolen. Though the company just disclosed the attack, it took place on July 25, when “certain systems in...
Who is managing the security of medical management apps?
One truth that is consistent across every sector—be it technology or education—is that software is vulnerable, which means that any device running software applications is also at risk. While virtually any application-running device could be compromised by an attacker, vulnerabilities in medical...
Kaiser Permanente Case Underscores Due Diligence Requirement
California and U.S. authorities are investigating whether Kaiser Permanente violated some 300,000 patients’ privacy when dealing with a Mom and Pop document storage company that kept medical records in a shared warehouse and stored sensitive data on home computers. The investigation, according to...
Study: 94 Percent of Healthcare Organizations Breached
In the last two years, 94 percent of healthcare organizations that took part in the Ponemon Institute’s “Third Annual Benchmark Study on Patient Privacy & Data Security” (PDF) reported that they had suffered at least one data breach; 45 percent reported that they had been the victim of at more than...
HIPAA Compliance and Call Centers
In a previous post titled Is It Safe to Speak? Protection for Telephone-Based Payment Card Data, I commented on the PCI SSC new requirements for call center operations and recording systems. Call center security has been a hot topic for a long time. How safe is the information that is given over...