Medical Web Experts Security Bulletin: May 2021

Pablo Bullian

Pablo Bullian

Posted on May 05, 2021

Featured image

Welcome back to the Medical Web Experts Security Bulletin. Below are some recent developments that may impact your organization, as well as our recommendations for keeping your systems secure.

EU Regulators Fine for Not Disclosing Breach in Time

Travel company was hacked in January 2019, and PII from 4,000 customers was stolen. Because they missed the GDPR’s 72-hour window for disclosing a breach, was fined around half a million dollars.

Though this is due to Europe’s GDPR regulations, HIPAA in the US imposes a similar stipulation with their Breach Notification Rule. It’s important to regularly review your Incident Management and Response policy to make sure you’re staying in line with HIPAA, CCPA, and other states’ data privacy regulations.

American College of Emergency Physicians Breached by Malware

The Texas-based ACEP alerted regulators about a breach in one of their SQL databases. This breach was traced back to a server that held the SQL database credentials and had been hit with malware. It was detected upon monitoring a suspicious access to the database, and 70,300 individuals were affected.

Monitoring is crucial in keeping infrastructure secure and containing breaches early on. It’s also important to have robust infrastructure security in layers that only allows authorized servers to access databases.

Cyberattack on Brown University

A group of Windows-based machines were recently targeted by attackers in order to access the Brown University’s network. The attack brought down several internal services, and staff were asked to switch to other non-Windows devices.

Since then, the university has taken down the affected system in order to contain the attack. Having a strong monitoring and reporting system can help detect attacks such as this early on.

FBI Hacked US Companies in Order to Clean Up Microsoft Exchange Hacks

The FBI got court approval in April to access vulnerable Microsoft Exchange servers in the US that had been hacked. The FBI notified the companies after they removed remote shells that the hackers (supposedly led by a large Chinese hacking group) used to read or modify emails on an affected system.

The vulnerability was discovered months ago, but many companies remained infected because they hadn’t cleaned up and updated their affected servers.

Password Manager Solution Hacked; 29k Enterprises Affected

Using a password manager is a great way to keep track of all your passwords, and to avoid re-using them or storing them in insecure places. But password manager tools can also be hacked. Passwordstate was recently the victim of a supply-chain attack, which was similar to the recently infamous SolarWinds hack. Users downloaded and installed a software update that was infected with malware. All of Passwordstate’s clients were asked to change every password in their vaults immediately, because they may have been exposed to the attack.

Pablo Bullian

Pablo Bullian

Pablo, our Chief Information Security Officer, architected and manages Medical Web Expert’s HIPAA-compliant hosting infrastructure. He is a Certified Information Systems Security Professional (CISSP), Amazon Web Services (AWS) Certified Solutions Architect, and Cisco Certified Network Associate (CCNA). Pablo has an M.S. in Cybersecurity from the University of Buenos Aires and he’s passionate about all things related to cybersecurity and cloud hosting.

Related Posts

Graphic of a large laptop with a shield and padlock in front of it. Smaller images of people on the left and right side of the labtop interact with various mobile devices.

Posted on February 16, 2022 by Pablo Bullian

Welcome back to the Medical Web Experts Security Bulletin. Below are some recent developments that may impact your organization, as well as our recommendations for keeping your systems secure. Mitigating…Read more

Illustration of a boy sittin on top of a computer with security shields floating.

Posted on January 07, 2022 by Pablo Bullian

A Look at 2021’s Most Dangerous Vulnerabilities Found in Windows Patching is a complex task that most companies struggle with or overlook, but keeping systems, and therefore patches, updated is…Read more