Microsoft re-issues warning to patch Exchange server security

Credit Microsoft Security

PARCA eNews – June 24, 2020 – Microsoft has issued a further warning to all Exchange users to patch the critical Microsoft Exchange memory corruption vulnerability CVE-2020-0688.

Microsoft released an update to correct the vulnerability in February 2020 and an alert was issued in March when the flaw started to be exploited by APT groups according to HIPAA Journal.

Flaw in Philips ultrasound machines allows bypass of authentication

Photo credit Phillips

PARCA eNews – July 15, 2020 – Philips issued a warning about an authentication bypass affecting Philips Ultrasound Systems (CVE-2020-14477) that can potentially be used to allow an attacker to view or modify information. The vulnerability is due to the presence of an alternative path or channel that can be used to bypass authentication controls.

FBI and CISA warn organizations of risks of TOR users

PARCA eNews – The Cybersecurity and Infrastructure Security Agency (CISA) last week released a joint report with the Federal Bureau of Investigation (FBI) warning of cyber-attacks using The Onion Router (Tor).

Tor is software that allows users to browse the web anonymously by encrypting and routing requests through multiple relay layers or nodes. While this software can be used legally to protect individuals who wish their information to remain anonymous on the internet, cyber threat actors can use Tor software and network infrastructure for anonymity and obfuscation purposes to clandestinely conduct malicious cyber operations.

Adding the next layer of security: offensive cybersecurity research

Offensive cybersecurity researcher Vasilios Hioureas

With the recent reports about the cybersecurity vulnerabilities of PACS systems and networks, PARCA eNews reached out to cybersecurity expert Vasilios Hioureas, who is an offensive cybersecurity researcher for Malwarebytes. Malwarebytes proactively protects people and businesses against dangerous threats such as malware, ransomware and exploits that escape detection by traditional antivirus solutions. Mr. Hioureas is a software engineer and analyst with more than 15 years experience in analyzing security weaknesses in a variety of systems. He previously held positions as Information Security Engineering Manager at ARES Management, malware analyst at Kaspersky Lab and software engineer for gaming developers. At Malwarebytes, Mr. Hioureas creates and tests exploit proofs of concept, cloud infrastructure vulnerabilities and leaks, and creates automated tools for discovery of public cloud infrastructure vulnerabilities. Mr. Hioureas has written and commented on a variety of cybersecurity issues for a number of online publications including ZDnet, Security Boulevard, Wired, and Digital Trends.

3D Scanners making their way into clinics and hospitals

Tech scans the cranium of a child – Image credit Sculpteo

PARCA eNews – May 15, 2020 – A lot has been written and featured in news about the 3D printing revolution and how such technology is being adapted to medicine to print everything from bone replacement parts to blood vessels and even human eyes.

Much less attention has been paid 3D scanners, which are being developed in conjunction with 3D printing. Currently being developed and experimented in academic research institutions, 3D scanning tools may soon make their way into hospitals, clinics and even doctors’ offices.

CISA and FBI issues top 10 cybersecurity exploits

PARCA eNews – May 12, 2020 – The Cybersecurity and Infrastructure Security Agency (CISA), the FBI released its latest list of cybersecurity exploits over the past 4 years. The technical guidance is intended to help IT security professionals at public and private sector organizations prioritize security efforts.

Healthcare IT professionals jump into the COVID-19 fray

Enli’s COVID-19 care coordination solution is a 

cloud-based patient tracking program

PARCA eNews – May 10, 2020 – With the COVID-19 outbreak spreading across the country like wildfire, healthcare IT professionals have jumped in with both feet developing more than 95 COVID-19 interoperability projects in just a few short weeks. 

As part to the Office of the National Coordinator’s Interoperability Proving Ground, the subset of interoperability projects focused specifically on COVID-19 mushroomed with projects ranging from care coordination tracking programs to COVID patient monitoring and tracking projects to assessment tools for determining whether a person should be tested along with links to the person’s local health authority for testing.

COVID--19 spurs uptick in cybersecurity attacks

PARCA eNews – May 8, 2020 – In a March 2020 consulting firm Deloitte issued a report entitled ‘COVID-19’s Impact on Cybersecurity’ showing that cybercriminals are capitalizing on the pandemic. 

The report issued by the company’s Cyber Intelligence Center noted a spike in phishing attacks, malware and ransomware attacks since the COVID-19 crisis has prompted companies, government agencies and private institutions conduct more business via remote computer connections. 

ONC and CDC compile a single-page COVID-19 resource page

PARCA eNews – May 7, 2020 – The Office of the National Coordinator in collaboration with the Centers for Disease Control and Prevention (CDC) has compiled a comprehensive list of resources for Health IT tracking, and dealing with the government response to the COVID-19 pandemic. The resources are aimed at providing clear direction for electronic health information exchanges and facilitate effective strategies to combat COVID-19 including:

AHA issues guidelines for secure working from home

PARCA eNews – May 2, 2020 – With many physicians and healthcare providers working from home and seeing patients via telehealth platforms, the American Hospital Association (AHA) and American Medical Association (AMA) published guidelines to ensure such communications remain safe from cyber threats and comply with privacy regulations.

Noting that cyber criminals are taking advantage of the COVID-19 crisis to target physicians and other health providers to gain access to patient records information.

To help providers to protect their computers and home networks, the organizations compiled a checklist of actions providers should take immediately to strengthen their cybersecurity. Acknowledging the checklist is not an exhaustive list of security measures, the list covers most of the basic measures IT professionals routinely use for office and clinic networks. It covers safeguards that need to be taken for passwords, web browsers, antivirus software, updated operating systems and firewalls.