High Severity Vulnerability Identified in MicroDicom DICOM Viewer

A high-severity vulnerability has been identified in the MicroDicom DICOM Viewer, a popular free-to-use software for viewing and manipulating DICOM medical images.

The vulnerability can be exploited remotely in a low complexity attack, and successful exploitation can allow the execution of arbitrary code on vulnerable installations of DICOM Viewer; however, user interaction is required to exploit the vulnerability. A threat actor would need to convince a user to open a malicious DICOM file locally or visit a specially crafted malicious web page, for example, through social engineering or phishing.

The vulnerability, tracked as CVE-2025-5943, affects DICOM Viewer version 2025.2 (Build 8154) and prior versions. It is an out-of-bounds write: a crafted DICOM file can cause the viewer to write outside the bounds of the intended buffer, corrupting memory in a way that can be leveraged to execute arbitrary code. The vulnerability has been assigned a CVSS v4 base score of 8.6 out of 10 and a CVSS v3.1 base score of 8.8 out of 10. There were no known cases of exploitation in the wild at the time of disclosure, but prompt patching is recommended, as the issue is fixed in version 2025.3 and later versions.
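The bug class above, as an added illustration rather than MicroDicom's code or the actual flaw: a DICOM data element carries a length field, and a parser that copies the value using that length without checking it against the destination buffer and the remaining input writes out of bounds. The element layout (explicit VR little endian, short-length form), the `VALUE_MAX` buffer size, the function names and the sample bytes are all constructed for this example.

```c
/*
 * Added example (not MicroDicom's code): how a trusted length field in a
 * DICOM data element becomes an out-of-bounds write, and the bounds check
 * that prevents it. All names, sizes and sample bytes are constructed.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define VALUE_MAX 16   /* hypothetical fixed-size destination buffer */

/* A parsed explicit-VR little-endian data element in its short-length form:
 * 2-byte group, 2-byte element, 2-byte VR, 2-byte length, then the value. */
struct element {
    uint16_t group;
    uint16_t elem;
    char     vr[3];
    uint16_t length;
    char     value[VALUE_MAX];
};

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* A DICOM Part 10 file starts with a 128-byte preamble followed by "DICM".
 * This identifies the format only; a hostile file carries a valid magic. */
static int has_dicm_magic(const uint8_t *p, size_t n) {
    return n >= 132 && memcmp(p + 128, "DICM", 4) == 0;
}

/* Vulnerable pattern: the file-supplied length is used directly as the copy
 * size. A length above VALUE_MAX writes past e->value (memory corruption);
 * a length above the remaining input also reads past the file buffer.
 * Shown for contrast and only ever called on benign input here. */
static int read_element_unchecked(const uint8_t *p, size_t n, struct element *e) {
    if (n < 8) return -1;
    e->group = le16(p); e->elem = le16(p + 2);
    memcpy(e->vr, p + 4, 2); e->vr[2] = '\0';
    e->length = le16(p + 6);
    memcpy(e->value, p + 8, e->length);        /* no check against VALUE_MAX or n */
    return 8 + e->length;
}

/* Hardened: every file-controlled size is checked against both the bytes
 * actually available and the destination capacity before the copy.
 * Returns bytes consumed, or -1 for a malformed element. */
static int read_element_checked(const uint8_t *p, size_t n, struct element *e) {
    if (n < 8) return -1;                      /* header must fit */
    e->group = le16(p); e->elem = le16(p + 2);
    memcpy(e->vr, p + 4, 2); e->vr[2] = '\0';
    e->length = le16(p + 6);
    if (e->length > n - 8) return -1;          /* value must fit in the input */
    if (e->length > VALUE_MAX) return -1;      /* value must fit in the buffer */
    memcpy(e->value, p + 8, e->length);
    return 8 + e->length;
}

/* Constructed samples: a benign PatientName element (0010,0010) and an
 * element whose declared length 0xFFFF far exceeds the bytes present. */
static const uint8_t BENIGN[]  = { 0x10,0x00, 0x10,0x00, 'P','N', 0x06,0x00,
                                   'D','O','E','^','J','O' };
static const uint8_t HOSTILE[] = { 0x10,0x00, 0x20,0x00, 'L','O', 0xFF,0xFF,
                                   'X','X','X','X' };

int main(void) {
    struct element e;
    int used = read_element_unchecked(BENIGN, sizeof BENIGN, &e);   /* safe input only */
    printf("unchecked/benign: consumed %d bytes, value=\"%.*s\"\n", used, e.length, e.value);
    used = read_element_checked(BENIGN, sizeof BENIGN, &e);
    printf("checked/benign:   consumed %d bytes, value=\"%.*s\"\n", used, e.length, e.value);
    used = read_element_checked(HOSTILE, sizeof HOSTILE, &e);
    printf("checked/hostile:  %s\n", used < 0 ? "rejected (length exceeds input)" : "accepted");
    return 0;
}
```

The two checks in `read_element_checked` are the whole fix: the first bounds the read against the input, the second bounds the write against the destination. Note that the "DICM" magic and a plausible tag do nothing to make a file safe; only the size checks do.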

The vulnerability was identified by independent security researcher Michael Heinzl, who reported it to the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The latest announcement follows a May 2025 disclosure of two high-severity vulnerabilities, a February 2025 disclosure of a medium-severity vulnerability that can be exploited in a machine-in-the-middle (MitM) attack, and four high-severity vulnerabilities identified in 2024 and disclosed in March and June of last year.

Since vulnerabilities in DICOM Viewer are discovered frequently, it is advisable to minimize the network exposure of workstations running it: ensure they are not reachable from the internet, place them behind a firewall, isolate them from the business network, and, if remote access is required, use a secure method of connection such as a Virtual Private Network (VPN), keeping in mind that a VPN is only as secure as the devices it connects and must itself be kept up to date.

The post High Severity Vulnerability Identified in MicroDicom DICOM Viewer appeared first on The HIPAA Journal.

Trump Administration Appoints Deputy HHS Secretary & National Coordinator for Health IT

There have been a further two appointments to leadership positions at the U.S. Department of Health and Human Services (HHS). Robert F. Kennedy, Jr., has sworn in Jim O’Neill as Deputy HHS Secretary, and Thomas Keane, MD, MBA, has been named as the new Assistant Secretary for Technology Policy/National Coordinator for Health Information Technology. Last week, the HHS appointed Paula M Stannard as the new Director of the HHS’ Office for Civil Rights (OCR).

Jim O’Neill, Deputy Secretary, Department of Health and Human Services.

Jim O’Neill is an HHS veteran, having served in the department for almost six years between 2002 and 2008, first as Director of the Speech and Editorial Division, then as Associate Deputy Secretary and Senior Advisor to the Deputy Secretary, and as Principal Associate Deputy Secretary between 2007 and 2008. In the latter role, O’Neill led reforms at the U.S. Food and Drug Administration (FDA) to overhaul food safety regulations and implemented the FDA Amendments Act to improve the safety of drugs and medical devices.

After leaving the HHS, O’Neill oversaw the development of tools and techniques for enhancing background checks as a member of the Suitability and Security Clearance Performance Accountability Council, served as Managing Director at the global macro hedge fund Clarium Capital Management and as Acting CEO of the Thiel Foundation, which supports nonprofits promoting technology and freedom, and co-founded the Thiel Fellowship, which has helped many young entrepreneurs found science and technology firms.

O’Neill has also served on the Board of Directors at Advantage Therapeutics Inc., as Board Observer at Oisin Biotechnologies, and was on the Board of Directors at the SENS Research Foundation, where as CEO he led efforts to research and develop regenerative medicine solutions for age-related diseases such as Alzheimer’s, heart disease, and cancer.

“Jim O’Neill’s extensive experience in Silicon Valley and government makes him ideally suited to transition HHS into a technological innovation powerhouse. He will help us harness cutting-edge AI, telemedicine, and other breakthrough technologies to deliver the highest quality medical care for Americans,” said Secretary Kennedy. “As my deputy, he will lead innovation and help us reimagine how we serve the public. Together, we will promote outcome-centric medical care, champion radical transparency, uphold gold-standard science, and empower Americans to take charge of their own health.”

“I am deeply honored to return to HHS,” said Deputy Secretary O’Neill. “All Americans deserve to be healthy, happy, and prosperous, and President Trump and Secretary Kennedy have the right vision and leadership to get us there.”

Thomas Keane, MD, Assistant Secretary for Technology Policy/National Coordinator for Health Information Technology.

Thomas Keane, MD, MBA, has also rejoined the HHS, becoming the second Assistant Secretary for Technology Policy and the ninth National Coordinator for Health Information Technology (ASTP/ONC). Dr. Keane, a physician, engineer, and interventional radiologist, previously served at the HHS as Senior Advisor to the Deputy Secretary of Health and Human Services.

Dr. Keane was an administrator of the COVID-19 Provider Relief Fund and led the development of the AHRQ National Nursing Home COVID Action Network, which helped improve infection control and safety practices in nursing facilities. He has also served as CEO of Radiology Associates of Southeastern Ohio, as an interventional radiology fellow at Johns Hopkins Hospital, and as a radiology resident at New York Presbyterian Hospital. In the new role, Dr. Keane will play a key part in shaping the future of health IT and the HHS technology strategy.

The post Trump Administration Appoints Deputy HHS Secretary & National Coordinator for Health IT appeared first on The HIPAA Journal.

Kettering Health Confirmed Patient Data Compromised in May 2025 Ransomware Attack

Kettering Health has provided an update on its May 20, 2025, ransomware attack. The investigation confirmed that the Interlock ransomware group first gained access to its network on April 9, 2025, and retained access until May 20, 2025, when the attack was detected and the unauthorized access was blocked. During that time, the ransomware group accessed or copied files containing patient information.

Kettering Health has been providing regular updates on its progress recovering from the attack and has now completed its file review. The review confirmed that current and former patients had the following information compromised in the attack: first and last name, contact information, date of birth, Social Security number, patient identification number, medical record number, medical information, treatment information, diagnosis information, health insurance information, driver’s license/state identification number, financial account information, and/or education records.

Kettering Health said it has reviewed its policies, procedures, and processes related to data security and has taken steps to prevent similar incidents in the future. Kettering Health said it is unaware of any misuse of the exposed information and has provided patients with information on how they can protect themselves against identity theft and fraud. Complimentary credit monitoring and identity theft protection services do not appear to have been offered.

The data breach was reported to the HHS’ Office for Civil Rights on July 21, 2025, using a placeholder estimate of at least 501 affected individuals. The total has not yet been updated, so it is still unclear how many individuals have been affected.

June 13, 2025: Kettering Health Resumes Normal Operations for Key Services Following Ransomware Attack

It has taken three weeks, but Kettering Health has confirmed that it has resumed normal operations for key services following its May 20, 2025, Interlock ransomware attack. Kettering Health has been releasing regular updates on the progress being made restoring its systems, confirming that the core components of its Epic EHR system were restored on the morning of June 2, 2025, which allowed patient data to be entered electronically again and the backlog of data recorded on paper to start being entered into patient records.

Interlock’s access to its network and system was immediately terminated when the attack was discovered, and Kettering Health confirmed on June 5, 2025, that all of the ransomware group’s tools and persistence mechanisms had been eradicated from its systems. Kettering Health also confirmed that all systems were fully up to date with the latest versions of software installed and patches applied, and security enhancements had been implemented, including network segmentation, enhanced monitoring, and updated access controls. Kettering Health said it is confident that its cybersecurity framework and employee security training are sufficient to mitigate future risks.

The primary purpose throughout the incident response has been to ensure quality care was still provided to patients while ensuring that all network-connected devices were secure and connections with its partners were fully protected. Kettering Health stated the main focus has now shifted from securing systems to ensuring that patient communication systems and scheduling systems are fully restored.

On June 9, 2025, Kettering Health confirmed that MyChart access for patients had been restored in a limited capacity and patients could view their upcoming appointments, schedule appointments, view prescriptions and fill refills, view test results, and message providers. All surgeries had also resumed. On June 10, 2025, Kettering Health announced that normal operations had been resumed for several key services, including surgery, imaging, retail pharmacy, and physician office visits. MyChart access had been fully restored, and its phone lines were functional and stable.

The recovery process continues to restore further systems, and the data analysis is progressing to determine the extent of data theft. No estimate has been provided so far on the number of individuals affected, only a placeholder of 501 individuals registered with the HHS’ Office for Civil Rights. Individual notification letters will be mailed to the affected individuals as soon as possible, including information about credit monitoring and fraud protection services.

June 5, 2025: Kettering Health Ransomware Attack: Interlock Ransomware Group Leaks Stolen Data

Kettering Health is continuing to make progress in recovering from its May 20, 2025, ransomware attack. While its EHR has been restored, other IT systems remain offline, with disruption continuing at its Ohio medical centers and outpatient facilities. Earlier this week, Kettering Health issued an update confirming that a small subset of patient data was stolen in the attack, although the extent of the data breach has yet to be confirmed.

Kettering Health has not named the ransomware group behind the incident, although CNN claimed to have viewed a copy of a ransom note indicating the Interlock ransomware group was responsible. This week, Interlock claimed responsibility for the attack and added Kettering Health to its dark web data leak site and listed the stolen data for download, indicating the ransom was not paid.

Interlock claims to have stolen 941 GB of data from Kettering Health before ransomware was used to encrypt files. The stolen data is said to comprise 732,490 files spread across 20,418 folders. The HIPAA Journal has not downloaded any of the data, so it cannot confirm the extent to which patient and employee data has been compromised. Based on the folder and file names, the stolen data appears to include payroll information, employee files, scans of identity documents, police and security personnel files, Medicaid application documents, pharmacy and blood bank documents, financial revenue reports, corporate insurance files, corporate tax information, budget reports, and patient files.

June 3, 2025: Kettering Health Restores EHR After Ransomware Attack

Kettering Health said it restored the core components of its Epic electronic health record (EHR) system on the morning of June 2, 2025, and it is now possible to enter patient information directly into electronic health records. Patient information that was recorded manually during the outage can now be added to patients’ digital health records. The restoration of the EHR will allow care teams to communicate more effectively and coordinate patient care with greater speed and clarity.

Kettering Health said more than 200 people from its information systems team, clinical team, and the software company Epic have been working around the clock over the past two weeks to get to this point. “This marks a major milestone in our broader restoration efforts and a vital step toward returning to normal operations,” explained Kettering Health. The restoration of other IT systems is continuing, including its MyChart patient portal and its inbound and outbound phone lines. Kettering Health has confirmed that its emergency departments are no longer on diversion, and its primary care locations are providing walk-in care to established patients.  Kettering Health CEO Michael Gentry has also confirmed that there has been unauthorized access to the data of “a small subset” of Kettering Health patients. The investigation into the data breach is ongoing, and notification letters will be mailed to the affected individuals when the investigation is concluded.

On May 30, 2025, Kettering Health provided an update to its staff, partners, and community members about scam communications, which may include phone calls, text messages, and emails. Gentry explained that these communications are “designed to intimidate, demand a response, or claim data exposure.” Gentry advised the public to exercise caution, not to click any links, open attachments, or respond to the communications, and if contacted by phone about the cyberattack, to hang up immediately. Any malicious or suspicious communications should be reported to the police.

May 21, 2025: Ransomware Attack Causes System-wide Outage at Kettering Health

Kettering Health, a large health system with 14 medical centers and 120 outpatient facilities in western Ohio, has experienced “a system-wide technology outage” that has affected all 14 of its medical centers and disrupted its call center. The outage occurred on the morning of Tuesday, May 20, 2025, and without access to critical IT systems, the decision was taken to cancel scheduled inpatient and outpatient procedures on Tuesday.

The medical centers remain open, and emergency rooms are continuing to accept patients. The staff is working on established downtime procedures and reverting to pen and paper to record patient information while IT systems are offline. The IT team is working around the clock to investigate the incident and bring systems back online safely and securely.  “We have procedures and plans in place for these types of situations and will continue to provide safe, high-quality care for patients currently in our facilities,” explained Kettering Health in a website announcement.

According to CNN, which obtained a copy of a ransom note, this was a ransomware attack by the Interlock ransomware group, a threat group with a history of double extortion attacks on the healthcare sector. The Interlock ransomware group breaches networks, identifies data of interest, exfiltrates files, and then uses ransomware to encrypt files. The ransom must be paid both to prevent the publication of the stolen data on its dark web data leak site and to obtain the keys to decrypt the data. Interlock was behind the recent ransomware attacks on the kidney dialysis service giant DaVita, Brockton Neighborhood Health Center in Massachusetts, the Drug and Alcohol Treatment Service in Pennsylvania, and Texas Tech University Health Sciences Center.

“Since it first emerged back in October 2024, we’ve tracked 16 confirmed attacks via this group, while a further 17 remain unconfirmed by the victims involved. Today, Interlock also came forward to claim a large-scale attack on West Lothian Council, UK, which has been disrupting its school network for over a week,” Rebecca Moody, Head of Data Research at Comparitech, told The HIPAA Journal. “While this attack on Kettering Health is in its early stages, it’s highly likely Interlock will have stolen data and will release this if its ransom demands aren’t met.”

The investigation is still in the early stages, and Kettering Health is not yet in a position to state to what extent, if any, patient data has been stolen. The healthcare system confirmed that the outage was caused by a cyberattack, but has not verified that this was a ransomware attack. The Interlock ransomware group claims to have “secured your most vital files” and has threatened to publish the stolen data if Kettering Health refuses to negotiate payment.

Within a few hours of the announcement, Kettering Health issued a warning about scam calls. “We have confirmed reports that scam calls have occurred from persons claiming to be Kettering Health team members requesting credit card payments for medical expenses,” explained Kettering Health. “While it is customary for Kettering Health to contact patients by phone to discuss payment options for medical bills, out of an abundance of caution, we will not be making calls to ask for or receive payment over the phone until further notice.”

This post will be updated as further information becomes available.

The post Kettering Health Confirmed Patient Data Compromised in May 2025 Ransomware Attack appeared first on The HIPAA Journal.