Vulnerabilities / Threats

4/24/2018
12:10 PM
Kelly Sheridan
Kelly Sheridan
Quick Hits
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

MEDantex Healthcare Transcription Firm Accidentally Exposes Medical Records

Exposed data likely the result of a flawed system rebuild after a recent ransomware attack on the company.

MEDantex, a healthcare transcription service based in Wichita, Kansas, shut down its customer portal when it learned sensitive medical records for thousands of doctors were exposed online. The firm provides medical transcription for private physicians, hospitals, and clinics including New York University Medical Center and San Francisco Multi-Specialty Medical Group.

Physicians can upload audio notes about their patients to a MEDantex Web portal, which is supposed to be password-protected but was found by KrebsOnSecurity to be open to the public Internet. Several online tools for MEDantex employees were also exposed, including pages where anyone could add or delete users, or search for patient records by patient name or physician name, without submitting any type of authentication.

One of the primary directories exposed included more than 2,300 physicians. Each directory included varying numbers of patient records, and was displayed and available for download as Microsoft Word docs or raw audio files, the report explains. While it's unclear how long the data was accessible, a Google cache shows it was open on April 10, 2018.

Sreeram Pydah, founder and chief executive of MEDantex, confirmed the company recently had to rebuild its online servers after being hit with a form of ransomware called WhiteRose. The error leading to the exposure of patient records is seemingly part of the rebuild. Pydah says the company planned to take the site offline to figure out how the mistake occurred.

The latest Verizon DBIR report shows nearly a quarter of all breaches in 2017 affected healthcare organizations. It's the only industry where insiders cause more damage than outsiders: insiders were responsible for 56% of healthcare breaches last year.

Fred Kneip, CEO at CyberGRX, says we've reached the point where patients who trust healthcare organizations with their health may not be able to trust them with their personal data.

"Healthcare providers need to understand that their third parties' security controls are constantly vulnerable to exploits, and that their reputation is on the line when a breach at one of those third parties puts their patient data at risk," he says.

Read more details here.

Interop ITX 2018

Join Dark Reading LIVE for two cybersecurity summits at Interop ITX. Learn from the industry’s most knowledgeable IT security experts. Check out the security track here. Register with Promo Code DR200 and save $200.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
4/25/2018 | 7:09:29 AM
Priceless!!!!!
So after a total reconstruct ---- this what I mean when I comment that a disaster recovery plan should be TESTED and verified.  I do not know the precise fault here but in general, when rebuilding at 2 in the morning --- my brain is not thinking right and it is easy to overlook something.  TEST it and do so every 6 months if you can stand it. 
Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/14/2018
Intel Reveals New Spectre-Like Vulnerability
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/15/2018
Australian Teen Hacked Apple Network
Dark Reading Staff 8/17/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-15504
PUBLISHED: 2018-08-18
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11.
CVE-2018-15505
PUBLISHED: 2018-08-18
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']' character in an IPv6 a...
CVE-2018-15492
PUBLISHED: 2018-08-18
A vulnerability in the lservnt.exe component of Sentinel License Manager version 8.5.3.35 (fixed in 8.5.3.2403) causes UDP amplification.
CVE-2018-15494
PUBLISHED: 2018-08-18
In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid.
CVE-2018-15495
PUBLISHED: 2018-08-18
/filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value.