Medical Web Experts Security Bulletin: May 2021

Pablo Bullian

Pablo Bullian

Posted on May 05, 2021

Featured image

Welcome back to the Medical Web Experts Security Bulletin. Below are some recent developments that may impact your organization, as well as our recommendations for keeping your systems secure.

EU Regulators Fine Booking.com for Not Disclosing Breach in Time

Travel company Booking.com was hacked in January 2019, and PII from 4,000 customers was stolen. Because they missed the GDPR’s 72-hour window for disclosing a breach, Booking.com was fined around half a million dollars.

Though this is due to Europe’s GDPR regulations, HIPAA in the US imposes a similar stipulation with their Breach Notification Rule. It’s important to regularly review your Incident Management and Response policy to make sure you’re staying in line with HIPAA, CCPA, and other states’ data privacy regulations.

American College of Emergency Physicians Breached by Malware

The Texas-based ACEP alerted regulators about a breach in one of their SQL databases. This breach was traced back to a server that held the SQL database credentials and had been hit with malware. It was detected upon monitoring a suspicious access to the database, and 70,300 individuals were affected.

Monitoring is crucial in keeping infrastructure secure and containing breaches early on. It’s also important to have robust infrastructure security in layers that only allows authorized servers to access databases.

Cyberattack on Brown University

A group of Windows-based machines were recently targeted by attackers in order to access the Brown University’s network. The attack brought down several internal services, and staff were asked to switch to other non-Windows devices.

Since then, the university has taken down the affected system in order to contain the attack. Having a strong monitoring and reporting system can help detect attacks such as this early on.

FBI Hacked US Companies in Order to Clean Up Microsoft Exchange Hacks

The FBI got court approval in April to access vulnerable Microsoft Exchange servers in the US that had been hacked. The FBI notified the companies after they removed remote shells that the hackers (supposedly led by a large Chinese hacking group) used to read or modify emails on an affected system.

The vulnerability was discovered months ago, but many companies remained infected because they hadn’t cleaned up and updated their affected servers.

Password Manager Solution Hacked; 29k Enterprises Affected

Using a password manager is a great way to keep track of all your passwords, and to avoid re-using them or storing them in insecure places. But password manager tools can also be hacked. Passwordstate was recently the victim of a supply-chain attack, which was similar to the recently infamous SolarWinds hack. Users downloaded and installed a software update that was infected with malware. All of Passwordstate’s clients were asked to change every password in their vaults immediately, because they may have been exposed to the attack.


Pablo Bullian

Pablo Bullian

Pablo, our Chief Information Security Officer, architected and manages Bridge’s HIPAA-compliant hosting infrastructure. He is an Amazon Web Services (AWS) Certified Solutions Architect, Certified Information Systems Security Professional (CISSP), and Cisco Certified Network Associate (CCNA). Pablo has an M.S. in Cybersecurity from the University of Buenos Aires and he’s passionate about alll things related to cybersecurity and cloud hosting.

Related Posts

Illustration. Middle: computer screen. Right: girl holding a key. Left, boy holding a cell phone.

Posted on November 09, 2021 by Pablo Bullian

PHI Leaked Due to Fresno’s Health Network Hack A group of health clinics in the Fresno area that belongs to United Health Centers were hit by a ransomware attack. Not…Read more


Illustration of three cell phones, each with a different screen pertaining to a lab portal.

Posted on November 03, 2021 by Paul Galbraith

Anyone offering laboratory testing services to physicians or directly to patients should offer a modern patient-facing lab portal that incorporates key features and is aligned with the principles of the…Read more


Newsletter
Subscribe to Our Newsletter

Get promotions and current business tips. Sign up for our newsletter today.