Security News

The leak came from an S3 bucket that was left unsecured. The unsecured S3 bucket appeared to be powering Rotherwood's internal system, a CRM-style software suite that looks to be used to capture and store essential data about staff and patients alike.

The healthcare industry has significantly more exposed attack surfaces than any other industry surveyed, according to Censys's research findings of cloud risks and cloud maturity by industry, revealed at RSA Conference 2020. The healthcare industry showed significantly more exposed databases and more exposed remote login services.

"Phishing continues to be one of the primary breach vectors in the healthcare industry. It is cheap, effective and profitable to the cyber-criminal element," says Rich Curtiss, director of healthcare risk assurance services at security consultancy Coalfire. "Health records command a hefty price on the 'dark web' and are relatively easy to acquire through phishing attacks. Phishing is an organizational threat and not an IT problem. Addressing the threat must be a strategic imperative and, to be truly effective, must be part of the organizational culture."

Number of records exposed in healthcare breaches doubles. According to the findings, the total number of records breached more than doubled from 2018 to 2019.

As we enter the twenty-twenties, healthcare has separated from the pack and is, by a wide margin, the most cyber-targeted industry. The healthcare industry plays host to roughly 70% of all US data breaches.

As Head of Research at CyberMDX, Elad Luz gathers and analyzes information on a variety of connected healthcare devices in order to improve the techniques used to protect them and/or report about their security issues to vendors. Care critical devices that are directly connected to patients like infusion pumps, ventilation, anesthesia, patient monitoring and such obviously represent the most critical endpoints from a security perspective.

Cynerio announced the addition of the virtual segmentation capability to their platform. The Cynerio platform's new virtual segmentation capability automatically delivers safe and effective policies in a matter of weeks by customizing segmentation policy for every device type, limiting the attack surface, and ensuring clinical services remain intact.

Federal regulators are warning healthcare providers about six vulnerabilities in some of GE Healthcare's medical device systems that could allow attackers to remotely take control of the gear. The GE Healthcare product vulnerabilities are the latest example of the medical device cybersecurity challenges the healthcare sector faces.

Researchers have discovered six critical and high-risk vulnerabilities - collectively dubbed MDhex - affecting a number of patient monitoring devices manufactured by GE Healthcare. The flaws may, according to GE Healthcare, allow an attacker to make changes at the device's OS level that may render the device unusable or interfere with its function, make changes to alarm settings on connected patient monitors, and utilize services used for remote viewing and control of multiple devices on the network to access the clinical user interface and make changes to device settings and alarm limits, which could lead to missed, unnecessary, or silenced alarms.

Several potentially serious vulnerabilities have been found in patient monitoring products made by GE Healthcare, the DHS's Cybersecurity and Infrastructure Security Agency and healthcare cybersecurity firm CyberMDX revealed on Thursday. GE Healthcare has also inadvertently exposed SSH private keys, making it possible for hackers to remotely connect to devices and execute malicious code.