Medical Web Experts Security Bulletin: April 2021

Pablo Bullian


Posted on April 01, 2021

Welcome back to the Medical Web Experts Security Bulletin. Below are some recent developments that may impact your organization, as well as our recommendations for keeping your systems secure.

Do business in Virginia? They just passed a major data privacy law

The state of Virginia has passed the Consumer Data Protection Act, which is similar to California’s CCPA. This new law defines how controllers (i.e. a person or group that determines how collected data is used) should collect, handle, and share personal information.

If your organization does business in Virginia, you need to be ready for this (and for similar laws that other states could introduce in the future). Medical Web Experts offers a number of compliance audits, including California’s CCPA, Virginia’s CDPA, Europe’s GDPR, ADA, HIPAA, and more. Contact us to learn how to get your website, apps, and portals compliant.

Hacked therapy center Vastaamo is liquidating its assets

The story of Vastaamo shows just how devastating a hack can be for a business. Ever since hackers held the patient data of private mental health services company Vastaamo for ransom, demanding nearly half a million euros, the company has been in both PR and financial trouble. Vastaamo lost much of its clientele after the scandal, and the business can no longer support itself.

This story serves as an example of just how important it is to keep PHI or PII secure, and to have strong risk assessment and security policies in place.

Microsoft Defender Antivirus now detects hacked Exchange servers

Microsoft has created an automatic mitigation tool to contain security incidents caused by the bugs that have affected millions of Exchange servers in the past few weeks. We recommend turning on all automatic updates for these security tools on your servers and workstations. Even though Microsoft had already released patches to address these bugs, thousands of servers are still at risk and are being exploited because they don’t have the latest patches.

Australian health center cancels surgeries after being hacked

No details have emerged, but an Australian health center had to disconnect large parts of its IT networks and devices after a security incident. This incident had a direct impact on scheduled surgeries and procedures.

Again, this news shows just how problematic a hack can be in sensitive industries like healthcare. Having a strong security plan and policies in place, and segmenting these critical or delicate systems (as well as their data), would help prevent major disruptions.


Pablo Bullian


Pablo, our Chief Information Security Officer, architected and manages Bridge’s HIPAA-compliant hosting infrastructure. He is an Amazon Web Services (AWS) Certified Solutions Architect, Certified Information Systems Security Professional (CISSP), and Cisco Certified Network Associate (CCNA). Pablo has an M.S. in Cybersecurity from the University of Buenos Aires and he’s passionate about all things related to cybersecurity and cloud hosting.
