Author Archives: Blog HIPAA

LuxSci Demonstrates Commitment to Privacy and Security by Achieving HITRUST Certification

LuxSci, the Massachusetts-based provider of HIPAA-compliant email communications services, has announced it has achieved HITRUST CSF Certification. The HITRUST Common Security Framework (CSF) is a comprehensive, certifiable framework for organizations that create, access, store, or transmit sensitive and regulated data. The HITRUST CSF consists of a prescriptive set of scalable controls that conform to multiple…

FDA Approves Tool for Scoring Medical Device Vulnerabilities

The FDA has approved a new rubric designed by the MITRE Corporation for assigning Common Vulnerability Scoring System (CVSS) scores to medical device vulnerabilities. The CVSS was designed for assigning scores to vulnerabilities in IT systems according to their severity, and while the system works well for many IT systems, it is less well suited…

Vulnerabilities Identified in B. Braun OnlineSuite and SpaceCom

Several vulnerabilities have recently been identified in B. Braun products used by healthcare organizations in the United States. B. Braun OnlineSuite: Three vulnerabilities have been identified in B. Braun OnlineSuite, a clinical IT solution for creating and sending drug libraries and managing infusion devices and other medical equipment. If exploited, an attacker could escalate privileges, upload…

Dickinson County Health Suffers Ransomware Attack

Michigan-based Dickinson County Health has suffered a malware attack that has taken its EHR system offline. The attack has forced the health system to adopt EHR downtime procedures and record patient data using pen and paper. The attack commenced on October 17, 2020 and disrupted computer systems at all its clinics and hospitals in Michigan…

Active Threat Warning Issued About SharePoint RCE Vulnerability

The UK National Cyber Security Centre (NCSC) has recently issued a security alert advising organizations to patch a serious remote code execution vulnerability in Microsoft SharePoint. The DHS Cybersecurity and Infrastructure Security Agency is also urging organizations to patch the flaw promptly to prevent exploitation. The vulnerability, tracked as CVE-2020-16952, is due to the failure…

Universities Targeted in Silent Librarian Spear Phishing Campaign

The Iran-based hacking group known as Silent Librarian – aka Cobalt Dickens and TA407 – has recommenced spear phishing attacks on universities in the United States and around the world. The hacking group has been conducting attacks since 2013 to gain access to login credentials and steal intellectual property and research data. Credentials and data…