Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
8 Security Categories Healthcare Providers Need to Improve On
Threaded  |  Newest First  |  Oldest First
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
9/6/2016 | 7:25:30 PM
Irony
The irony is: To get medical/health information that you're fully entitled to, you have to jump through a zillion bureaucratic hoops.

Maybe I should hire a hacker to get my own medical information for me.  It'd probably be easier and possibly even more cost-effective than to deal with the dimwits in most hospitals' medical-records offices who lack basic critical-thinking skills and pay outrageous copying rates.  (One hospital I recently dealt with for a client: More than $0.75 per page!)
patligalli
50%
50%
patligalli,
User Rank: Apprentice
9/29/2016 | 4:50:20 PM
2FA or MFA
Great article on recommendations and protecting patient data- author missed out on 2 factor technology which is critical. 

Mohammed 
lorraine89
50%
50%
lorraine89,
User Rank: Ninja
10/10/2016 | 7:26:54 AM
Online security
Increasiing and stepping up the game of online privacy is the key in remaining safe from those snooping eyes of the hackers and therefore it is essential to deploy military grade data protection tools like encryption, password protection and also securing your online activity and incoming traffic logs via a guaranteed secure vpn server. I use PureVPN as my vpn server because it has strict no logs policy and also offers 5 plus multi logins so that is a plus. 
AnnaK746
50%
50%
AnnaK746,
User Rank: Apprentice
1/29/2017 | 3:33:36 AM
security
I also very much concerned with the question about the security of applications. I would not like to know that my data is using someone. It's not good. How can you protect myself? I can use applications developed by reliable companies https://itechcraft.com/custom-healthcare-solutions/ .But how can I find out which companies are reliable?


Zero-Factor Authentication: Owning Our Data
Nick Selby, Chief Security Officer at Paxos Trust Company,  2/19/2020
44% of Security Threats Start in the Cloud
Kelly Sheridan, Staff Editor, Dark Reading,  2/19/2020
Firms Improve Threat Detection but Face Increasingly Disruptive Attacks
Robert Lemos, Contributing Writer,  2/20/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9351
PUBLISHED: 2020-02-23
An issue was discovered in SmartClient 12.0. If an unauthenticated attacker makes a POST request to /tools/developerConsoleOperations.jsp or /isomorphic/IDACall with malformed XML data in the _transaction parameter, the server replies with a verbose error showing where the application resides (the a...
CVE-2020-9352
PUBLISHED: 2020-02-23
An issue was discovered in SmartClient 12.0. Unauthenticated exploitation of blind XXE can occur in the downloadWSDL feature by sending a POST request to /tools/developerConsoleOperations.jsp with a valid payload in the _transaction parameter.
CVE-2020-9353
PUBLISHED: 2020-02-23
An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) loadFile provided by the console functionality on the /tools/developerConsoleOperations.jsp (or /isomorphic/IDACall) URL is affected by unauthenticated Local File Inclusion via directory-traversal sequences in the elem XML ...
CVE-2020-9354
PUBLISHED: 2020-02-23
An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) saveFile provided by the console functionality on the /tools/developerConsoleOperations.jsp (or /isomorphic/IDACall) URL allows an unauthenticated attacker to overwrite files via vectors involving an XML comment and /.. pat...
CVE-2020-9355
PUBLISHED: 2020-02-23
danfruehauf NetworkManager-ssh before 1.2.11 allows privilege escalation because extra options are mishandled.