Vulnerabilities / Threats

4/24/2018
12:10 PM
Kelly Sheridan
Kelly Sheridan
Quick Hits
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

MEDantex Healthcare Transcription Firm Accidentally Exposes Medical Records

Exposed data likely the result of a flawed system rebuild after a recent ransomware attack on the company.

MEDantex, a healthcare transcription service based in Wichita, Kansas, shut down its customer portal when it learned sensitive medical records for thousands of doctors were exposed online. The firm provides medical transcription for private physicians, hospitals, and clinics including New York University Medical Center and San Francisco Multi-Specialty Medical Group.

Physicians can upload audio notes about their patients to a MEDantex Web portal, which is supposed to be password-protected but was found by KrebsOnSecurity to be open to the public Internet. Several online tools for MEDantex employees were also exposed, including pages where anyone could add or delete users, or search for patient records by patient name or physician name, without submitting any type of authentication.

One of the primary directories exposed included more than 2,300 physicians. Each directory included varying numbers of patient records, and was displayed and available for download as Microsoft Word docs or raw audio files, the report explains. While it's unclear how long the data was accessible, a Google cache shows it was open on April 10, 2018.

Sreeram Pydah, founder and chief executive of MEDantex, confirmed the company recently had to rebuild its online servers after being hit with a form of ransomware called WhiteRose. The error leading to the exposure of patient records is seemingly part of the rebuild. Pydah says the company planned to take the site offline to figure out how the mistake occurred.

The latest Verizon DBIR report shows nearly a quarter of all breaches in 2017 affected healthcare organizations. It's the only industry where insiders cause more damage than outsiders: insiders were responsible for 56% of healthcare breaches last year.

Fred Kneip, CEO at CyberGRX, says we've reached the point where patients who trust healthcare organizations with their health may not be able to trust them with their personal data.

"Healthcare providers need to understand that their third parties' security controls are constantly vulnerable to exploits, and that their reputation is on the line when a breach at one of those third parties puts their patient data at risk," he says.

Read more details here.

Interop ITX 2018

Join Dark Reading LIVE for two cybersecurity summits at Interop ITX. Learn from the industry’s most knowledgeable IT security experts. Check out the security track here. Register with Promo Code DR200 and save $200.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
4/25/2018 | 7:09:29 AM
Priceless!!!!!
So after a total reconstruct ---- this what I mean when I comment that a disaster recovery plan should be TESTED and verified.  I do not know the precise fault here but in general, when rebuilding at 2 in the morning --- my brain is not thinking right and it is easy to overlook something.  TEST it and do so every 6 months if you can stand it. 
'Hidden Tunnels' Help Hackers Launch Financial Services Attacks
Kelly Sheridan, Staff Editor, Dark Reading,  6/20/2018
Tesla Employee Steals, Sabotages Company Data
Jai Vijayan, Freelance writer,  6/19/2018
Inside a SamSam Ransomware Attack
Ajit Sancheti, CEO and Co-Founder, Preempt,  6/20/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-12633
PUBLISHED: 2018-06-22
An issue was discovered in the Linux kernel through 4.17.2. vbg_misc_device_ioctl() in drivers/virt/vboxguest/vboxguest_linux.c reads the same user data twice with copy_from_user. The header part of the user data is double-fetched, and a malicious user thread can tamper with the critical variables (...
CVE-2018-12634
PUBLISHED: 2018-06-22
CirCarLife Scada v4.2.4 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI.
CVE-2018-12635
PUBLISHED: 2018-06-22
CirCarLife Scada v4.2.4 allows unauthorized upgrades via requests to the html/upgrade.html and services/system/firmware.upgrade URIs.
CVE-2018-12630
PUBLISHED: 2018-06-21
NEWMARK (aka New Mark) NMCMS 2.1 allows SQL Injection via the sect_id parameter to the /catalog URI.
CVE-2018-12631
PUBLISHED: 2018-06-21
Redatam7 (formerly Redatam WebServer) allows remote attackers to read arbitrary files via /redbin/rpwebutilities.exe/text?LFN=../ directory traversal.