healthcare | Breaking Cybersecurity News | The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given a November 17, 2023, deadline for federal agencies and organizations to apply mitigations to secure against a number of security flaws in Juniper Junos OS that came to light in August. The agency on Monday  added  five vulnerabilities to the Known Exploited Vulnerabilities ( KEV ) catalog, based on evidence of active exploitation - CVE-2023-36844  (CVSS score: 5.3) - Juniper Junos OS EX Series PHP External Variable Modification Vulnerability CVE-2023-36845  (CVSS score: 5.3) - Juniper Junos OS EX Series and SRX Series PHP External Variable Modification Vulnerability CVE-2023-36846  (CVSS score: 5.3) - Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability CVE-2023-36847  (CVSS score: 5.3) - Juniper Junos OS EX Series Missing Authentication for Critical Function Vulnerability CVE-2023-36851  (CVSS score: 5.3) - Juniper Junos OS SRX Series Missing Authentication for Critical

Users of  Mirth Connect , an open-source data integration platform from NextGen HealthCare, are being urged to update to the latest version following the discovery of an unauthenticated remote code execution vulnerability. Tracked as  CVE-2023-43208 , the vulnerability has been addressed in  version 4.4.1  released on October 6, 2023. "This is an easily exploitable, unauthenticated remote code execution vulnerability," Horizon3.ai's Naveen Sunkavally  said  in a Wednesday report. "Attackers would most likely exploit this vulnerability for initial access or to compromise sensitive healthcare data." Called the "Swiss Army knife of healthcare integration," Mirth Connect is a cross-platform interface engine used in the healthcare industry to communicate and exchange data between disparate systems in a  standardized manner . Additional technical details about the flaw have been withheld in light of the fact that Mirth Connect versions going as far bac

For years, securing a company's systems was synonymous with securing its "perimeter." There was what was safe "inside" and the unsafe outside world. We built sturdy firewalls and deployed sophisticated detection systems, confident that keeping the barbarians outside the walls kept our data and systems safe. The problem is that we no longer operate within the confines of physical on-prem installations and controlled networks. Data and applications now reside in distributed cloud environments and data centers, accessed by users and devices connecting from anywhere on the planet. The walls have crumbled, and the perimeter has dissolved, opening the door to a new battlefield: identity . Identity is at the center of what the industry has praised as the new gold standard of enterprise security: "zero trust." In this paradigm, explicit trust becomes mandatory for any interactions between systems, and no implicit trust shall subsist. Every access request, regardless of its origin,

The healthcare industry is under a constant barrage of cyberattacks. It has traditionally been one of the most frequently targeted industries, and things haven't changed in 2023. The U.S. Government's Office for Civil Rights reported  145 data breaches  in the United States during the first quarter of this year. That follows 707 incidents a year ago, during which over 50 million records were stolen. Health records often include names, birth dates, social security numbers, and addresses. This treasure trove of data is used in identity theft, tax fraud, and other crimes. It is the high value of the data that makes healthcare applications such a promising target. The healthcare industry was hesitant to adopt SaaS applications. However, SaaS applications lead to better collaboration among medical professionals, leading to improved patient outcomes. That, combined with SaaS's ability to reduce costs and improve financial performance, has led to the industry fully embracing SaaS solutions

A hospital with 2,000 employees in the E.U. deployed Cynet protections across its environment. The hospital was in the process of upgrading several expensive imaging systems that were still supported by Windows XP and Windows 7 machines. Cynet protections were in place on most of the Windows XP and Windows 7 machines during the upgrade process, ensuring that legacy operating systems would not cause vulnerabilities or delay the activation of an  incident response plan . The hospital's I.T. security team appreciated this coverage after their previous provider abandoned support for Windows XP and Windows 7. "One of the many reasons we chose Cynet was their support of legacy Windows machines. It's expensive, difficult and time consuming to upgrade our imaging system software, but we needed protections as we slowly migrated to more current Windows environments. Cynet was one of the few providers that continue to protect these older Windows environments." The Attack Alo

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released an Industrial Control Systems (ICS) medical advisory warning of a critical flaw impacting Illumina medical devices. The issues impact the Universal Copy Service (UCS) software in the Illumina MiSeqDx, NextSeq 550Dx, iScan, iSeq 100, MiniSeq, MiSeq, NextSeq 500, NextSeq 550, NextSeq 1000/2000, and NovaSeq 6000 DNA sequencing instruments. The most severe of the flaws, CVE-2023-1968 (CVSS score: 10.0), permits remote attackers to bind to exposed IP addresses, thereby making it possible to eavesdrop on network traffic and remotely transmit arbitrary commands. The second issue relates to a case of privilege misconfiguration (CVE-2023-1966, CVSS score: 7.4) that could enable a remote unauthenticated malicious actor to upload and execute code with elevated permissions. "Successful exploitation of these vulnerabilities could allow an attacker to take any action at the operating system level," CISA  sa

Investing in digital identity can improve security, increase clinical productivity, and boost healthcare's bottom line.  —  b y Gus Malezis, CEO of Imprivata Digitalization has created immeasurable opportunities for businesses over the past two decades. But the growth of hybrid work and expansion of Internet of Things (IoT) has outpaced traditional 'castle and moat' cybersecurity, introducing unprecedented vulnerabilities, especially in the healthcare industry. Although all organizations have important data to secure, healthcare holds some of the public's most sensitive personal health information (PHI) – not to mention insurance and financial data, as well.  We all expect this information to be secured and protected, especially with HIPAA laws in place. However, due to increasing IT fragmentation and the growing sophistication of cyberattacks, this is no longer guaranteed. In fact, the number of individuals affected by health data breaches in the U.S. since 2009 is

Australian health insurer Medibank today confirmed that personal data belonging to around 9.7 million of its current and former customers were accessed following a ransomware incident. The  attack , according to the company, was detected in its IT network on October 12 in a manner that it said was "consistent with the precursors to a ransomware event," prompting it to isolate its systems, but not before the attackers exfiltrated the data. "This figure represents around 5.1 million Medibank customers, around 2.8 million ahm customers, and around 1.8 million international customers," the Melbourne-based firm  noted . Compromised details include names, dates of birth, addresses, phone numbers, and email addresses, as well as Medicare numbers (but not expiry dates) for ahm customers, and passport numbers (but not expiry dates) and visa details for international student customers. It further said the incident resulted in the theft of health claims data for about 16

Australian health insurance firm Medibank on Wednesday disclosed that the personal information of all of its customers had been unauthorizedly accessed following a recent ransomware attack. In an update to its ongoing investigation into the incident, the firm  said  the attackers had access to "significant amounts of health claims data" as well as personal data belonging to its  ahm health insurance subsidiary  and international students. Medibank, which is one of the largest Australian private health insurance providers,  serves about 3.9 million customers  across the country. "We have evidence that the criminal has removed some of this data and it is now likely that the criminal has stolen further personal and health claims data," the company further added. "As a result, we expect that the number of affected customers could grow substantially." The company also said it's continuing its probe to determine what specific data has been stolen in th

In a US SEC (Securities and Exchange Commission)  8-K filing , Omnicell, the healthcare technology provider, revealed that some of its products, services, and internal systems were affected by ransomware.  Upon detecting the incident, the medication management systems provider took immediate action to contain the attack and ensure continued operation. In its  10-Q form  filing, Omnicell disclosed that cyber-attacks or data breaches disrupted its business.  Will you be the next victim? If you overlook the importance of data protection, attackers can get you in no time.  Explore the  impact of the data breach  on the healthcare sector and what preventive measures can be taken against such attacks. Omnicell Announced Data Breach  Founded in 1992, Omnicell is a leading provider of medication management solutions for hospitals, long-term care facilities, and retail pharmacies.  On May 4, 2022 , Omnicell's IT systems and third-party cloud services were affected by ransomware attac

Multiple security vulnerabilities have been disclosed in Baxter's internet-connected infusion pumps used by healthcare professionals in clinical environments to dispense medication to patients. "Successful exploitation of these vulnerabilities could result in access to sensitive data and alteration of system configuration," the U.S. Cybersecurity and Infrastructure Security Agency (CISA)  said  in a coordinated advisory. Infusion pumps are internet-enabled devices used by hospitals to deliver medication and nutrition directly into a patient's circulatory system. The four vulnerabilities in question, discovered by  cybersecurity firm Rapid7  and reported to Baxter in April 2022, affect the following Sigma Spectrum Infusion systems - Sigma Spectrum v6.x model 35700BAX Sigma Spectrum v8.x model 35700BAX2 Baxter Spectrum IQ (v9.x) model 35700BAX3 Sigma Spectrum LVP v6.x Wireless Battery Modules v16, v16D38, v17, v17D19, v20D29 to v20D32, and v22D24 to v22D28 Sig

In a new joint cybersecurity advisory, U.S. cybersecurity and intelligence agencies have warned about the use of Maui ransomware by North Korean government-backed hackers to target the healthcare sector since at least May 2021. "North Korean state-sponsored cyber actors used Maui ransomware in these incidents to encrypt servers responsible for healthcare services—including electronic health records services, diagnostics services, imaging services, and intranet services," the authorities  noted . The  alert  comes courtesy of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of the Treasury. Cybersecurity firm Stairwell, whose findings formed the basis of the advisory, said the lesser-known ransomware family stands out because of a lack of several key features commonly associated with ransomware-as-a-service (RaaS) groups. This includes the absence of "embedded ransom note to provide recov

As many as five security vulnerabilities have been addressed in Aethon Tug hospital robots that could enable remote attackers to seize control of the devices and interfere with the timely distribution of medication and lab samples. "Successful exploitation of these vulnerabilities could cause a denial-of-service condition, allow full control of robot functions, or expose sensitive information," the U.S. Cybersecurity and Infrastructure Security Agency (CISA)  said  in an advisory published this week. Aethon TUG smart autonomous mobile robots are used in hospitals around the world to deliver medication, transport clinical supplies, and independently navigate around to perform different tasks such as cleaning floors and collecting meal trays. Collectively dubbed " JekyllBot:5 " by Cynerio, the flaws reside in the TUG Homebase Server component, effectively allowing attackers to impede the delivery of medications, surveil patients, staff, and hospital interiors thr

As many as seven security vulnerabilities have been disclosed in PTC's Axeda software that could be weaponized to gain unauthorized access to medical and IoT devices. Collectively called " Access:7 ," the weaknesses – three of which are rated Critical in severity – potentially affect more than  150 device models  spanning over 100 different manufacturers, posing a significant supply chain risk. PTC's Axeda solution includes a cloud platform that allows device manufacturers to establish connectivity to remotely monitor, manage and service a wide range of connected machines, sensors, and devices via what's called the agent, which is installed by the OEMs before the devices are sold to customers. "Access:7 could enable hackers to remotely execute malicious code, access sensitive data, or alter configuration on medical and IoT devices running PTC's Axeda remote code and management agent," researchers from Forescout and CyberMDX said in a joint report

An analysis of data crowdsourced from more than 200,000 network-connected infusion pumps used in hospitals and healthcare entities has revealed that 75% of those medical devices contain security weaknesses that could put them at risk of potential exploitation. "These shortcomings included exposure to one or more of some 40 known cybersecurity vulnerabilities and/or alerts that they had one or more of some 70 other types of known security shortcomings for IoT devices," Unit 42 security researcher Aveek Das  said  in a report published Wednesday. Palo Alto Networks' threat intelligence team said it obtained the scans from seven medical device manufacturers. On top of that, 52.11% of all infusion pumps scanned were susceptible to two known vulnerabilities that were disclosed in 2019 as part of 11 flaws collectively called " URGENT/11 " – CVE-2019-12255  (CVSS score: 9.8) – A buffer overflow flaw in the TCP component of Wind River VxWorks CVE-2019-12264  (CVS

In May 2017, the first documented ransomware assault on networked medical equipment happened. The worldwide ransomware assault WannaCry compromised radiological and other instruments in several hospitals during its height, after a software failure caused by a cyberattack on its third-party vendor's oncology cloud service, cancer patients having radiation therapy at four healthcare institutions had to reschedule appointments. These examples show how cyberattacks and data breaches may have a significant impact on the healthcare industry, heavily reliant on connected medical equipment. PHI (patient health information) captured and stored in these connected medical devices must be secured. Because PHI is transferred over the cloud via server-based systems, making it very susceptible to hackers. Ransomware attacks on health care professionals have become more common, sophisticated, and severe in recent years. Individual bad actors have been supplanted as the main perpetrators by orga

No business is out of danger of cyberattacks today. However, specific industries are particularly at risk and a favorite of attackers. For years, the healthcare industry has taken the brunt of ransomware attacks, data breaches, and other cyberattacks. Why is the healthcare industry particularly at risk for a cyberattack? What are the unique challenges to cybersecurity in healthcare, and how can healthcare organizations address these? Healthcare at risk Attackers are targeting various industries across the board. However, attackers seem to have a particular affinity for healthcare organizations. For eleven consecutive years, in the  IBM Cost of a Data Breach Report 2021 , healthcare had the highest industry cost of a breach. Additionally, Healthcare data breach costs increased from an average total cost of $7.13 million in 2020 to $9.23 million in 2021, a 29.5% increase. However, the tremendous cost sustained by healthcare organizations for data breach events is not only due to the