Srinivas Kodali has a commentary that begins: Indian software service companies are some of the most profitable entities in the world. They provide technology solutions that power Fortune 500 companies and governments across the world, but is their code always secure? The answer is never a simple binary response but more complex in the real…
Month: January 2023
Multiple Vulnerabilities Found In Healthcare Software OpenEMR
Alessandro Mascellino reports: Researchers have found three separate vulnerabilities in OpenEMR, an open-source software for electronic health records and medical practice management. Clean code experts at Sonar published an advisory Wednesday about the discovered flaws by security researcher Dennis Brinkrolf. Thanks to responsible disclosure, the vulnerabilities were addressed in October 2022. Anyone using OpenEMR should update to one of the updated…
Class action lawsuits following breaches in the medical sector: do they help or make things worse?
In their predictions for 2023, the very first prediction by Mary T. Costigan, Jason C. Gavejian & Joseph J. Lazzarotti of JacksonLewis involved healthcare and medical data security and tracking: 2023 will see a significant increase in the number of lawsuits and perhaps OCR compliance reviews relating to medical information privacy and HIPAA, including new…
Jm: South East Regional Health Authority victim of ransomware attack
The Jamaica Gleaner reports that the South East Regional Health Authority (SERHA) had been hit by a cyberattack that affected some information and communications technology and other services to the public. Junior Opposition Spokesperson on Science and Technology Omar Newell has since called for the disclosure of more details of the breach, such as whether,…
Zacks Investment Research notifies 820,000 clients
Bill Toulas reports: Hackers breached Zacks Investment Research (Zacks) company last year and gained access to personal and sensitive information belonging to 820,000 customers. […] An internal investigation into the incident determined that a threat actor gained access to the network somewhere between November 2021 and August 2022. It is unclear if any data was…
Stratford University discloses ransomware attack — but which ransomware attack?
In September 2022, DataBreaches reported Stratford University had been the target of three ransomware attacks in previous months by REvil, Snatch Team, and Avos Locker. Snatch Team and Avos Locker had informed DataBreaches that neither had encrypted Stratford’s files; they exfiltrated and attempted to ransom them. Stratford never responded to inquiries from DataBreaches about the multiple…