Vulnerabilities / Threats

4/24/2018
12:10 PM
Kelly Sheridan
Kelly Sheridan
Quick Hits
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

MEDantex Healthcare Transcription Firm Accidentally Exposes Medical Records

Exposed data likely the result of a flawed system rebuild after a recent ransomware attack on the company.

MEDantex, a healthcare transcription service based in Wichita, Kansas, shut down its customer portal when it learned sensitive medical records for thousands of doctors were exposed online. The firm provides medical transcription for private physicians, hospitals, and clinics including New York University Medical Center and San Francisco Multi-Specialty Medical Group.

Physicians can upload audio notes about their patients to a MEDantex Web portal, which is supposed to be password-protected but was found by KrebsOnSecurity to be open to the public Internet. Several online tools for MEDantex employees were also exposed, including pages where anyone could add or delete users, or search for patient records by patient name or physician name, without submitting any type of authentication.

One of the primary directories exposed included more than 2,300 physicians. Each directory included varying numbers of patient records, and was displayed and available for download as Microsoft Word docs or raw audio files, the report explains. While it's unclear how long the data was accessible, a Google cache shows it was open on April 10, 2018.

Sreeram Pydah, founder and chief executive of MEDantex, confirmed the company recently had to rebuild its online servers after being hit with a form of ransomware called WhiteRose. The error leading to the exposure of patient records is seemingly part of the rebuild. Pydah says the company planned to take the site offline to figure out how the mistake occurred.

The latest Verizon DBIR report shows nearly a quarter of all breaches in 2017 affected healthcare organizations. It's the only industry where insiders cause more damage than outsiders: insiders were responsible for 56% of healthcare breaches last year.

Fred Kneip, CEO at CyberGRX, says we've reached the point where patients who trust healthcare organizations with their health may not be able to trust them with their personal data.

"Healthcare providers need to understand that their third parties' security controls are constantly vulnerable to exploits, and that their reputation is on the line when a breach at one of those third parties puts their patient data at risk," he says.

Read more details here.

Interop ITX 2018

Join Dark Reading LIVE for two cybersecurity summits at Interop ITX. Learn from the industry’s most knowledgeable IT security experts. Check out the security track here. Register with Promo Code DR200 and save $200.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
4/25/2018 | 7:09:29 AM
Priceless!!!!!
So after a total reconstruct ---- this what I mean when I comment that a disaster recovery plan should be TESTED and verified.  I do not know the precise fault here but in general, when rebuilding at 2 in the morning --- my brain is not thinking right and it is easy to overlook something.  TEST it and do so every 6 months if you can stand it. 
How the US Chooses Which Zero-Day Vulnerabilities to Stockpile
Ricardo Arroyo, Senior Technical Product Manager, Watchguard Technologies,  1/16/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-6497
PUBLISHED: 2019-01-20
Hotels_Server through 2018-11-05 has SQL Injection via the controller/fetchpwd.php username parameter.
CVE-2018-18908
PUBLISHED: 2019-01-20
The Sky Go Desktop application 1.0.19-1 through 1.0.23-1 for Windows performs several requests over cleartext HTTP. This makes the data submitted in these requests prone to Man in The Middle (MiTM) attacks, whereby an attacker would be able to obtain the data sent in these requests. Some of the requ...
CVE-2019-6496
PUBLISHED: 2019-01-20
The ThreadX-based firmware on Marvell Avastar Wi-Fi devices allows remote attackers to execute arbitrary code or cause a denial of service (block pool overflow) via malformed Wi-Fi packets during identification of available Wi-Fi networks. Exploitation of the Wi-Fi device can lead to exploitation of...
CVE-2019-3773
PUBLISHED: 2019-01-18
Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
CVE-2019-3774
PUBLISHED: 2019-01-18
Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.