Medical Web Experts Security Bulletin: August 2021

Pablo Bullian

Posted on August 11, 2021

Medical Web Experts is now a SOC 2 Type 1 Certified Compliant Organization

During Q2 2021, Medical Web Experts became a SOC 2 Type 1 compliant organization. SOC 2 was developed by the American Institute of Certified Public Accountants (AICPA) as a way of evaluating whether a company manages customer data according to its five trust service principles: security, availability, processing integrity, confidentiality, and privacy.

Top 30 Routinely Exploited Vulnerabilities

In a joint advisory, CISA, the ACSC, the NCSC, and the FBI released the list of vulnerabilities they found to be most commonly exploited in the wild. All of them have patches available, yet they still served as the entry point for attackers into many organizations. This should serve as a reminder of the importance of having a security patching process in place, particularly for internet-exposed endpoints and servers.

NSO Group Under Scrutiny by the Israeli Authorities

After the Pegasus project scandal – where 50,000 phone numbers were leaked, exposing the targets of cyber-espionage by NSO Group clients around the world (which included journalists, human rights activists, and the French President Emmanuel Macron, among others) – the Israeli government is under pressure to investigate the practices behind NSO Group. Under discussion are export licenses for hacking tools, as well as how governments or foreign clients are required to meet NSO Group’s terms of service, and how that is enforced.

Amnesty International has also released a tool that can be used to check devices suspected of being infected by NSO Group’s spyware.

Healthcare Hosting Provider Breached with Ransomware

Cloudstar, a Florida cloud-based hosting provider that specializes in various industries including healthcare, was hit by a ransomware attack, setting off an ongoing disruption that began on July 16th. Cloudstar engaged a security company to help them with the process of reversing the attack, but most of their clients’ data was compromised, and some of their financial clients are having significant problems.

Ransomware can wreak havoc on both companies and their clients. It’s important to have a complete and periodically-tested disaster recovery plan in place to ensure that your organization can get back to business quickly if something like this happens.

Pablo Bullian

Pablo, our Chief Information Security Officer, architected and manages Bridge’s HIPAA-compliant hosting infrastructure. He is an Amazon Web Services (AWS) Certified Solutions Architect, Certified Information Systems Security Professional (CISSP), and Cisco Certified Network Associate (CCNA). Pablo has an M.S. in Cybersecurity from the University of Buenos Aires and he’s passionate about all things related to cybersecurity and cloud hosting.
