Vulnerabilities / Threats

4/24/2018
12:10 PM
Kelly Sheridan
Kelly Sheridan
Quick Hits
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

MEDantex Healthcare Transcription Firm Accidentally Exposes Medical Records

Exposed data likely the result of a flawed system rebuild after a recent ransomware attack on the company.

MEDantex, a healthcare transcription service based in Wichita, Kansas, shut down its customer portal when it learned sensitive medical records for thousands of doctors were exposed online. The firm provides medical transcription for private physicians, hospitals, and clinics including New York University Medical Center and San Francisco Multi-Specialty Medical Group.

Physicians can upload audio notes about their patients to a MEDantex Web portal, which is supposed to be password-protected but was found by KrebsOnSecurity to be open to the public Internet. Several online tools for MEDantex employees were also exposed, including pages where anyone could add or delete users, or search for patient records by patient name or physician name, without submitting any type of authentication.

One of the primary directories exposed included more than 2,300 physicians. Each directory included varying numbers of patient records, and was displayed and available for download as Microsoft Word docs or raw audio files, the report explains. While it's unclear how long the data was accessible, a Google cache shows it was open on April 10, 2018.

Sreeram Pydah, founder and chief executive of MEDantex, confirmed the company recently had to rebuild its online servers after being hit with a form of ransomware called WhiteRose. The error leading to the exposure of patient records is seemingly part of the rebuild. Pydah says the company planned to take the site offline to figure out how the mistake occurred.

The latest Verizon DBIR report shows nearly a quarter of all breaches in 2017 affected healthcare organizations. It's the only industry where insiders cause more damage than outsiders: insiders were responsible for 56% of healthcare breaches last year.

Fred Kneip, CEO at CyberGRX, says we've reached the point where patients who trust healthcare organizations with their health may not be able to trust them with their personal data.

"Healthcare providers need to understand that their third parties' security controls are constantly vulnerable to exploits, and that their reputation is on the line when a breach at one of those third parties puts their patient data at risk," he says.

Read more details here.

Interop ITX 2018

Join Dark Reading LIVE for two cybersecurity summits at Interop ITX. Learn from the industry’s most knowledgeable IT security experts. Check out the security track here. Register with Promo Code DR200 and save $200.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
4/25/2018 | 7:09:29 AM
Priceless!!!!!
So after a total reconstruct ---- this what I mean when I comment that a disaster recovery plan should be TESTED and verified.  I do not know the precise fault here but in general, when rebuilding at 2 in the morning --- my brain is not thinking right and it is easy to overlook something.  TEST it and do so every 6 months if you can stand it. 
Making the Case for a Cybersecurity Moon Shot
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  2/19/2019
New Free Tool Scans for Chrome Extension Safety
Dark Reading Staff 2/21/2019
Privacy Ops: The New Nexus for CISOs & DPOs
Amit Ashbel, Security Evangelist, Cognigo,  2/18/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-1698
PUBLISHED: 2019-02-21
A vulnerability in the web-based user interface of Cisco Internet of Things Field Network Director (IoT-FND) Software could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External E...
CVE-2019-1700
PUBLISHED: 2019-02-21
A vulnerability in field-programmable gate array (FPGA) ingress buffer management for the Cisco Firepower 9000 Series with the Cisco Firepower 2-port 100G double-width network module (PID: FPR9K-DNM-2X100G) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) conditio...
CVE-2019-6340
PUBLISHED: 2019-02-21
Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core RE...
CVE-2019-8996
PUBLISHED: 2019-02-21
In Signiant Manager+Agents before 13.5, the implementation of the set command has a Buffer Overflow.
CVE-2019-1681
PUBLISHED: 2019-02-21
A vulnerability in the TFTP service of Cisco Network Convergence System 1000 Series software could allow an unauthenticated, remote attacker to retrieve arbitrary files from the targeted device, possibly resulting in information disclosure. The vulnerability is due to improper validation of user-sup...