Multiple Vulnerabilities Identified in OpenEMR Health Record and Practice Management Software

Multiple vulnerabilities have been identified in the popular open source electronic health record and medical practice management software, OpenEMR. OpenEMR is used by healthcare organizations around the world for recording and managing sensitive patient data, and patients used the software for scheduling appointments online, communicating with their healthcare providers, and paying medical bills. OpenEMR is… Read More »

Editoirial: Benefits of HIPAA for Patients

This is the third article in the ‘Benefits of HIPAA’ series, this time around exploring how the Health Insurance Portability and Accountability Act (HIPAA) and its subsequent amendments have benefited patients. The first article in the series explored how HIPAA has benefited healthcare organizations and the second covered the key benefits of HIPAA for healthcare… Read More »

Lawsuit Alleges Christ Hospital Website Has Sent Patient Data to Meta

Earlier this month, a lawsuit was filed against The Christ Hospital in Cincinnati, OH, alleging third-party tracking code had been added to its website that was transmitting sensitive patient data to Meta and other third parties, without obtaining authorization from patients. An investigation by The Markup last summer revealed one-third of the top 100 hospitals… Read More »

Healthcare Industry Most Commonly Attacked with Downloaders and Ransomware

Blackberry has recently published its Global Threat Intelligence Report, which provides actionable and contextualized intelligence that can be used to improve cyber resilience. The report is based on data collected by Blackberry and threat intelligence provided by third parties, gathered over 90 days between September and November 2022. Throughout the reporting period, downloaders were among the… Read More »

Feds Warn of Malicious Use of RMM Software in Callback Phishing Attacks

Cybercriminals are increasingly using legitimate remote monitoring and management (RMM) software in their attacks, according to a recent joint alert from the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC). The campaign was first identified in October 2022 and involves callback phishing. The… Read More »

Ransomware Profits Decline as Victims Refuse to Pay Ransoms

Ransomware gangs are finding it much harder to profit from their attacks as fewer victims are ransoms to obtain the decryption keys and prevent the exposure of stolen data, according to two recently released reports from the ransomware remediation firm, Coveware, and blockchain analysis firm, Chainalysis. Coveware reports that in Q1, 2019, 85% of ransomware… Read More »

Second Class Action Lawsuit Filed Against CommonSpirit Health Over Ransomware Attack

Another lawsuit has been filed against CommonSpirit Health over its 2022 ransomware attack and data breach that alleges the nation’s largest catholic health system failed to implement reasonable and appropriate safeguards to prevent unauthorized access to sensitive patient data. CommonSpirit Health announced in early October that it was dealing with a cyberattack that took down… Read More »