Alessandro Mascellino reports: Researchers have found three separate vulnerabilities in OpenEMR, an open-source software for electronic health records and medical practice management. Clean code experts at Sonar published an advisory Wednesday about the discovered flaws by security researcher Dennis Brinkrolf. Thanks to responsible disclosure, the vulnerabilities were addressed in October 2022. Anyone using OpenEMR should update to one of the updated…
Category: Commentaries and Analyses
Class action lawsuits following breaches in the medical sector: do they help or make things worse?
In their predictions for 2023, the very first prediction by Mary T. Costigan, Jason C. Gavejian & Joseph J. Lazzarotti of JacksonLewis involved healthcare and medical data security and tracking: 2023 will see a significant increase in the number of lawsuits and perhaps OCR compliance reviews relating to medical information privacy and HIPAA, including new…
Stratford University discloses ransomware attack — but which ransomware attack?
In September 2022, DataBreaches reported Stratford University had been the target of three ransomware attacks in previous months by REvil, Snatch Team, and Avos Locker. Snatch Team and Avos Locker had informed DataBreaches that neither had encrypted Stratford’s files; they exfiltrated and attempted to ransom them. Stratford never responded to inquiries from DataBreaches about the multiple…
Hive Ransomware’s infrastructure seized; law enforcement “hacked the hackers”
After months of a “cyber stakeout” in which law enforcement officials lawfully hacked the hackers, one of the top ransomware gangs in the world had their servers seized and their operations dismantled. DataBreaches reported the seizure earlier this morning. Hive ransomware gang has been the subject of numerous posts on DataBreaches over the past two…
Baltimore schools cyber attack cost nearly $10M: State IG
ABC News reports: Baltimore County Public Schools failed to act on several state recommendations to help mitigate cyber attacks before a hack disrupted school operations and cost the school system millions of dollars in damages and repairs, according to a report from a state inspector general. BCPS was hacked using a phishing email in November 2020 —…
Ransomware : comment traque-t-on les gains des cybercriminels ? (Ransomware: how do we track the profits of cybercriminals?)
Valéry Rieß-Marchive explains how LeMagIT staff tracked Conti and Avaddon in 2021 using available tools and Blockchain activity and how developments since then have made tracking easier in some respects. He writes, in part (machine translation): A major development has occurred in the past two years, besides the Conti Leaks : awareness of bitcoin ransom payment…