Healthcare Vendor News

DHS Issues Cybersecurity Alert To Illumina

The Cybersecuirty and Infrastructure Agency, a component of the DHS, has issued a cybersecurity alert regarding Illumina software and its multiple vulnerabilities. The Local Run Manager program provides a complete solution for collecting samples for a run, selecting run parameters, keeping track of progress, examining sequencing data, and reviewing outcomes. The vulnerabilities were identified by Pentest, an information security consultant, who found the softwares diagnostic devices and research-use only instruments were susceptible to security threats. The instruments named included NextSeq 500, 550 and 550Dx, MiSeq and MiSeq Dx, iSeq 100 and MiniSeq. Amongst these devices, Pentest found that an unauthorized…

Log4j Version Three to Solve High Severity DoS Vulnerability

The original vulnerability determined in Log4j (CVE-2021-44228) that stunned the world thanks to its seriousness, ease of exploitation, and the magnitude of its effect on the software programs and cloud solutions, is not the only vulnerability present in the Java-based logging utility. Right after the launch of version 2.15.0 to fix the vulnerability, version 2.15.0 stayed vulnerable particularly to non-default configurations due to an incomplete patch. The most recent vulnerability CVE-2021-45046 was fixed in version 2.16.0 of Log4j. In the beginning, the low severity vulnerability had a CVSS rating of 3.7; however, the severity score turned to critical (CVSS 9.0)….

Medtronic MiniMed Remote Controllers Recalled Due to Major Cybersecurity Issue

The Food and Drug Administration (FDA) has given a notification to end-users of Medtronic wireless insulin pumps concerning a critical security vulnerability impacting a number of remote controllers. MiniMed insulin pumps are employed to deliver insulin to help control diabetes. The pumps come with an optional remote controller device for connecting wirelessly with the insulin pump. A security analyst found a cybersecurity issue in older versions of remote controllers that employ previous-generation technology that can likely be used to cause harm to consumers of the pumps. An unauthorized individual could use the cybersecurity vulnerability to report and playback the wireless…

Philips Vue PACS Products Affected by Multiple Critical Vulnerabilities

Several vulnerabilities were found in Philips Vue PACS items, 5 were critical vulnerabilities having a 9.8 severity score and 4 were high severity vulnerabilities. Attackers can exploit a few of the vulnerabilities remotely with a low attack complexity. An attacker that successfully exploits the vulnerability would be able to acquire system access, snoop, view and change information, execute arbitrary code, set up unauthorized software programs, or compromise system integrity and acquire access to sensitive information, or adversely impact the availability of the system. Philips reported the vulnerabilities lately to CISA as well as the impacted list of Philips Vue PACS…

FTC Reaches Settlement with Zoom Over Allegations of Cybersecurity Issues and Misleading Security Practices

The U.S. Federal Trade Commission has arrived at a settlement deal with teleconferencing platform provider Zoom to take care of allegations that it misinformed its consumers regarding the level of encryption and did not carry out proper cybersecurity protections for its consumers. Throughout the pandemic, Zoom platform usage exploded as businesses and consumers used the platform to retain communication with family and friends. Remote employees utilized the platform to connect and collaborate with the company while doing work at home. The communication platform turned out to be very well-known in healthcare for offering telehealth services. It is additionally popular in…

Microsoft Releases Patch to Correct Critical Wormable Windows DNS Server Vulnerability

Microsoft has introduced a patch to resolve a 17-year old wormable remote code execution vulnerability identified in Windows DNS Server. The vulnerability can be exploited remotely, demand a low-level skill to exploit, and could permit an attacker to seize full control of the entire IT infrastructure of a company. Security researchers at Check Point discovered vulnerability CVE-2020-1350 and named it SIGRed. The vulnerability can be found on all Windows Server versions starting from 2003 until 2019 and was designated the maximum CVSS v3 score of 10 out of 10. The flaw is wormable, thus an attacker could exploit the vulnerability…