Medical Web Experts Security Bulletin: August 2021

Pablo Bullian


Posted on August 11, 2021

Medical Web Experts is now a SOC 2 Type 1 Certified Compliant Organization

During Q2 2021, Medical Web Experts became a SOC 2 Type 1 compliant organization. The SOC 2 certification was developed by the American Institute of Certified Public Accountants (AICPA) as a way of evaluating whether a company follows the criteria for managing customer data according to its five trust service principles: security, availability, processing integrity, confidentiality, and privacy.

Top 30 Routinely Exploited Vulnerabilities

In a joint advisory, CISA, the ACSC, the NCSC, and the FBI released what they found to be the vulnerabilities most commonly exploited in the wild. All have patches available, yet they were still found to be the way in for attackers at many organizations. This should serve as a reminder of the importance of having a security patching process in place, particularly on internet-exposed endpoints and servers.

NSO Group Under Scrutiny by the Israeli Authorities

After the Pegasus project scandal – in which 50,000 phone numbers were leaked, exposing the targets of cyber-espionage by NSO Group clients around the world (which included journalists, human rights activists, and the French President Emmanuel Macron, among others) – the Israeli government is under pressure to investigate NSO Group’s practices. Under discussion are export licenses for hacking tools, as well as how governments or foreign clients should meet NSO Group’s terms of service, and how that is enforced.

Amnesty International has also released a tool that can be used to check devices suspected of being infected by NSO Group’s spyware.

Healthcare Hosting Provider Breached with Ransomware

Cloudstar, a Florida cloud-based hosting provider that specializes in various industries including healthcare, was hit by a ransomware attack, setting off an ongoing disruption that began on July 16th. Cloudstar engaged a security company to help them with the process of reversing the attack, but most of their clients’ data was compromised, and some of their financial clients are having significant problems.

Ransomware can wreak havoc on both companies and their clients. It’s important to have a complete and periodically tested disaster recovery plan in place to ensure that your organization can get back to business quickly if something like this happens.


Pablo Bullian


Pablo, our Chief Information Security Officer, architected and manages Medical Web Experts’ HIPAA-compliant hosting infrastructure. He is a Certified Information Systems Security Professional (CISSP), Amazon Web Services (AWS) Certified Solutions Architect, and Cisco Certified Network Associate (CCNA). Pablo has an M.S. in Cybersecurity from the University of Buenos Aires and he’s passionate about all things related to cybersecurity and cloud hosting.
