MAL-2025-19089 Malicious code in easy-visualize-decode-phi-meta (npm)

The package easy-visualize-decode-phi-meta was found to contain malicious code...

Invariant-Based Robust Weights Watermark for Large Language Models

Watermarking technology has gained significant attention due to the increasing importance of intellectual property IP rights, particularly with the growing deployment of large language models LLMs on billions resource-constrained edge devices. To counter the potential threats of IP theft by...

CVE-2024-43278

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Phi Phan Meta Field Block allows Stored XSS.This issue affects Meta Field Block: from n/a through 1.2.13...

CVE-2020-12008

Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems use cleartext messages to communicate order information with an order entry system. This could allow an attacker with network access to view sensitive data including PHI...

CVE-2024-43278

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Phi Phan Meta Field Block allows Stored XSS.This issue affects Meta Field Block: from n/a through 1.2.13...

CVE-2024-43278

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Phi Phan Meta Field Block allows Stored XSS.This issue affects Meta Field Block: from n/a through 1.2.13...

CVE-2024-43278 WordPress Meta Field Block plugin <= 1.2.13 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Phi Phan Meta Field Block allows Stored XSS.This issue affects Meta Field Block: from n/a through 1.2.13...

Change Healthcare confirms the customer data stolen in ransomware attack

For the first time since news broke about a ransomware attack on Change Healthcare, the company has released details about the data stolen during the attack. First, a quick refresher: On February 21, 2024, Change Healthcare experienced serious system outages due to a cyberattack. The incident led...

Healthcare Needs Risk-Based Cybersecurity for Comprehensive, Effective Protection

In the first blog post of this three-blog series, we discussed the extraordinarily powerful “perfect storm” of cyber risk faced by healthcare organizations. The second blog post reviews how data security risks persist despite HIPAA compliance. In this third blog, we will discuss how to get starte...

How to Protect Patients and Their Privacy in Your SaaS Apps

The healthcare industry is under a constant barrage of cyberattacks. It has traditionally been one of the most frequently targeted industries, and things haven't changed in 2023. The U.S. Government's Office for Civil Rights reported 145 data breaches in the United States during the first quarter...

Why Healthcare Cybercrime is the Perfect Storm

Its Friday night. You, your husband, and your two children are settling in for a fun pizza and movie night together. Unexpectedly, your elderly neighbor, Anne, calls in a panic. Her husband Steve is having severe chest pains. While Anne has already called emergency services, she asks that you com...

Why Healthcare Can't Afford to Ignore Digital Identity

Investing in digital identity can improve security, increase clinical productivity, and boost healthcare's bottom line. — by Gus Malezis, CEO of Imprivata Digitalization has created immeasurable opportunities for businesses over the past two decades. But the growth of hybrid work and expansion of...

Why Attackers Target the Healthcare Industry

Key Takeaways: Personal health information PHI is an incredibly valuable category of personal data. When compromised and sold on the dark web, this data can be sold for thousands of dollars. Healthcare is a valuable target to attackers, including the group Killnet, which targeted healthcare sites...

CVE-2023-24610

NOSH 4a5cfdb allows remote authenticated users to execute PHP arbitrary code via the "practice logo" upload feature. The client-side checks can be bypassed. This may allow attackers to steal Protected Health Information because the product is for health charting...

Cross site scripting

IMPatienT before 1.5.2 allows stored XSS via onmouseover in certain text fields within a PATCH /modifyonto request to the ontology builder. This may allow attackers to steal Protected Health Information...

CVE-2022-43557 BD BodyGuard™ Pumps – RS-232 Interface Vulnerability

The BD BodyGuard™ infusion pumps specified allow for access through the RS-232 serial port interface. If exploited, threat actors with physical access, specialized equipment and knowledge may be able to configure or disable the pump. No electronic protected health information ePHI, protected heal...

CVE-2022-40263

BD Totalys MultiProcessor, versions 1.70 and earlier, contain hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information ePHI, protected health information PHI and personally identifiable...

CVE-2022-40263

BD Totalys MultiProcessor (versions 1.70 and earlier) is affected by a hard-coded credentials vulnerability. Exploitation would require local access (or physical access if networked) to the system, with low attack complexity and user interaction not needed. Successful exploitation could allow an ...

#StopRansomware: Daixin Team

Summary Actions to take today to mitigate cyber threats from ransomware: Install updates for operating systems, software, and firmware as soon as they are released. Require phishing-resistant MFA for as many services as possible. Train users to recognize and report phishing attempts. Note: This...

Healthcare site leaks personal health information via Google and Meta tracking pixels

Advocate Aurora Health has disclosed that by visiting its websites users may have shared personal information, and possibly protected health information PHI, with Google and Meta Facebook. Advocate Aurora Health is the 11th largest not-for-profit, integrated health system in the US and provides...