Medical Web Experts Security Bulletin: August 2021

Posted on August 11, 2021

Medical Web Experts is now a SOC 2 Type 1 Certified Compliant Organization

During Q2 2021, Medical Web Experts became a SOC 2 Type 1 compliant organization. The SOC 2 certification was developed by the American Institute of Certified Public Accountants (AICPA) as a way of evaluating whether a company follows the criteria for managing customer data according to their five trust service principles: security, availability, processing integrity, confidentiality, and privacy.

Top 30 Routinely Exploited Vulnerabilities

In a joint advisory CISA, ACSC, the NCSC, and FBI released what they found to be the vulnerabilities most commonly exploited in the wild. All have patches available, yet were found to be the backdoor for attackers in a lot of organizations. This should serve as a reminder of the importance of having a security patching process in place, particularly on internet-exposed endpoints and servers.

NSO Group Under Scrutiny by the Israeli Authorities

After the Pegasus project scandal – where 50,000 phone numbers were leaked, exposing the targets of cyber-espionage by NSO Group clients around the world (which included journalists, human rights activists, and the French President Emmanuel Macron, among others) – the Israeli government is under pressure to investigate the practices behind NSO Group. Under discussion are export licenses for hacking tools, as well as how governments or foreign clients should meet NSO Group’s terms of services, and how that is enforced.

Amnesty International has also released a tool that can be used to check devices suspected of being infected by NSO Group’s spyware.

Healthcare Hosting Provider Breached with Ransomware

Cloudstar, a Florida cloud-based hosting provider that specializes in various industries including healthcare, was hit by a ransomware attack, setting off an ongoing disruption that began on July 16th. Cloudstar engaged a security company to help them with the process of reversing the attack, but most of their clients’ data was compromised, and some of their financial clients are having significant problems.

Ransomware can wreak havoc on both companies and their clients. It’s important to have a complete and periodically-tested disaster recovery plan in place to ensure that your organization can get back to business quickly if something like this happens.

Health Care IT

Pablo Bullian

Pablo, our Chief Information Security Officer, architected and manages Bridge’s HIPAA-compliant hosting infrastructure. He is an Amazon Web Services (AWS) Certified Solutions Architect, Certified Information Systems Security Professional (CISSP), and Cisco Certified Network Associate (CCNA). Pablo has an M.S. in Cybersecurity from the University of Buenos Aires and he’s passionate about alll things related to cybersecurity and cloud hosting.

Illustration. Middle: computer screen. Right: girl holding a key. Left, boy holding a cell phone.

Posted on October 06, 2021 by Pablo Bullian

Medical Web Experts Security Bulletin: October 2021

Walgreens’ Poor Security Measures Exposed Patient Data and Covid-19 Test Results Patients who got a Covid-19 test at Walgreens, possibly as far back as July 2020, were vulnerable to data…Read more

Posted on September 02, 2021 by Pablo Bullian

Medical Web Experts Security Bulletin: September 2021

Infusion Pump Hack Could Allow Attackers to Change Meds Administered to Patients Researchers at McAfee uncovered a hack that allows attackers to take control of B. Braun infusion pumps, which…Read more