Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Healthcare Suffers Estimated $6.2 Billion In Data Breaches
Newest First  |  Oldest First  |  Threaded View
Financial SuperStar
50%
50%
Financial SuperStar,
User Rank: Apprentice
6/20/2019 | 11:12:41 AM
Financial Advisor
At the end of the day there will always be data breaches. However, it should be noted that health care companies seem to be having a disporpotioate amount of data breaches. 
builder7
50%
50%
builder7,
User Rank: Apprentice
5/12/2016 | 2:45:58 PM
Negligence
The different entities in the healthcare industry should be charged with negligence that has led to these data breaches, as they should in many other industries, because of their intrasingence towards security in their organizatons that are charged with upholding a certain criteria regarding safeguarding the data that people give them.  It would almost be like they want the data to be lost because it later appears as data that can be bought by private business so that they don't have to abide by the HIPPA rules.  Business may not be hiring the proper people and/or the correct amount of people to protect their data because they just wink at each other in business.  No matter what the reasoning, these businesses are the ones responsible for allowing unauthorized use of their servers or workstations because they have been negligent.  It only takes on look at their yearly profits to see that they could have well afforded to hire the small amount of technicians who could protect their networks and servers.  I am tired of seeing these stories because there is no such thing as protected data anymore.  This is just another example of how business is unable to take care of things themselves but always seem to need regulations to lead them by the hand to make them abide by certain norms to accomplish their mission, which is at odds with them making horrendous amounts of profit!  It is time for this to stop!
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
5/12/2016 | 8:52:46 AM
Re: Healthcare breaches
...Now if they could only get the necessary budget & talent to shore up their security. 
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
5/12/2016 | 8:50:05 AM
Healthcare breaches
2015 was big in particular for this activity.  At a healthcare IT conference I went to last month (one I go to almost every year), one of the speakers referred to 2015 as "the year of the healthcare breach" -- and it's something that has worried the industry (as well as government regulators) quite a bit.  Security was much more top-of-mind at this year's conference than it had been in the past.


News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-29430
PUBLISHED: 2021-04-15
Sydent is a reference Matrix identity server. Sydent does not limit the size of requests it receives from HTTP clients. A malicious user could send an HTTP request with a very large body, leading to memory exhaustion and denial of service. Sydent also does not limit response size for requests it mak...
CVE-2021-29431
PUBLISHED: 2021-04-15
Sydent is a reference Matrix identity server. Sydent can be induced to send HTTP GET requests to internal systems, due to lack of parameter validation or IP address blacklisting. It is not possible to exfiltrate data or control request headers, but it might be possible to use the attack to perform a...
CVE-2021-29432
PUBLISHED: 2021-04-15
Sydent is a reference matrix identity server. A malicious user could abuse Sydent to send out arbitrary emails from the Sydent email address. This could be used to construct plausible phishing emails, for example. This issue has been fixed in 4469d1d.
CVE-2021-29447
PUBLISHED: 2021-04-15
Wordpress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has be...
CVE-2021-30245
PUBLISHED: 2021-04-15
The project received a report that all versions of Apache OpenOffice through 4.1.8 can open non-http(s) hyperlinks. The problem has existed since about 2006 and the issue is also in 4.1.9. If the link is specifically crafted this could lead to untrusted code execution. It is always best practice to ...