Weiser Memorial Hospital Data Breach Affects 34,200 Patients – The HIPAA Journal
Cyberattacks and data breaches have recently been announced by Weiser Memorial Hospital in Idaho and Minnesota Orthodontics and Dentofacial Orthopedics.
Weiser Memorial Hospital
Weiser Memorial Hospital in Idaho has recently informed the Maine Attorney General about a data breach that involved unauthorized access to the personal and protected health information of 34,249 individuals, including 14 Maine residents. Unusual network activity was identified on September 4, 2024, and after securing its network, Weiser Memorial Hospital engaged third-party cybersecurity experts to investigate and determine the nature and scope of the unauthorized activity.
The investigation confirmed that an unauthorized third party accessed its network and exfiltrated files containing sensitive data on or around September 4, 2024. The impacted files were reviewed to determine the patients affected and the types of data involved, and that process concluded on April 21, 2025. Weiser Memorial Hospital has confirmed that current and former patients had some or all of the following information stolen in the incident: name, date of birth, Social Security number, other government ID numbers, diagnoses, treatment/procedure information, Medicare/Medicaid numbers, and/or health insurance information.
Weiser Memorial Hospital said steps have been taken to improve security to prevent similar incidents in the future, and the affected individuals have been offered complimentary single-bureau credit monitoring, credit report, and credit score services.
Minnesota Orthodontics and Dentofacial Orthopedics
Minnesota Orthodontics and Dentofacial Orthopedics (MN Ortho) has alerted patients about a recent data security incident involving unauthorized access to sensitive patient data. On February 26, 2025, MN Ortho discovered unauthorized access to its network. Steps were taken to secure its systems and prevent further unauthorized access, and third-party cybersecurity specialists were engaged to investigate the activity.
On April 18, 2025, MN Ortho confirmed that an unauthorized third party copied files from its network that contained patient data such as names, dates of birth, financial information, health forms, insurance information, treatment information, and employment information. The investigation and data review are ongoing, and notification letters will be mailed to the affected individuals when the process is completed. MN Ortho said it is unaware of any misuse of the affected data. The security incident has been reported to the HHS’ Office for Civil Rights using a placeholder figure of 501 affected individuals. The total will be updated when the file review is concluded.
Microsoft, Fortinet & Ivanti Warn About Actively Exploited Zero Day Vulnerabilities – The HIPAA Journal
Microsoft, Fortinet & Ivanti have all notified customers about vulnerabilities in their products that are known to have been exploited by threat actors. Prompt patching is strongly recommended, and workarounds/mitigations should be implemented if patching must be delayed.
Microsoft
On Patch Tuesday, Microsoft issued patches for five vulnerabilities known to have been exploited in the wild, plus two publicly disclosed zero-day vulnerabilities. The actively exploited vulnerabilities are:
| Product | CVE | Severity | Type | Outcome |
|---|---|---|---|---|
| Microsoft DWM Core Library | CVE-2025-30400 | Important | Elevation of Privilege | Local elevation of privilege to SYSTEM |
| Windows Common Log File System | CVE-2025-32701 | Important | Elevation of Privilege | Local elevation of privilege to SYSTEM |
| Windows Common Log File System | CVE-2025-32706 | Important | Elevation of Privilege | Local elevation of privilege to SYSTEM |
| Windows Ancillary Function Driver | CVE-2025-32709 | Important | Elevation of Privilege | Local elevation of privilege to SYSTEM |
| Microsoft Scripting Engine | CVE-2025-30397 | Important | Memory Corruption | Code execution |
The following vulnerabilities have been publicly disclosed:
| Product | CVE | Severity | Type | Outcome |
|---|---|---|---|---|
| Microsoft Defender | CVE-2025-26685 | Important | Identity Spoofing | Spoofing of another account over an adjacent network |
| Visual Studio | CVE-2025-32702 | Important | Remote Code Execution | Local code execution by an unauthenticated attacker |
Microsoft also released patches for six critical vulnerabilities that are not known to have been exploited but should be prioritized. They affect Microsoft Office (CVE-2025-30377 and CVE-2025-30386), Microsoft Power Apps (CVE-2025-47733), Remote Desktop Gateway Service (CVE-2025-29967), and Windows Remote Desktop (CVE-2025-29966).
Fortinet
Fortinet has issued a security advisory about a critical vulnerability affecting its FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera products. The stack-based buffer overflow vulnerability has been assigned a CVSS v4 severity score of 9.6 (CVSS v3.1: 9.8) and can be exploited by a remote unauthenticated hacker by sending HTTP requests with a specially crafted hash cookie. Successful exploitation of the vulnerability can allow arbitrary code execution.
Fortinet said it has observed exploitation of the vulnerability on FortiVoice. The threat actor scanned the device network, erased system crashlogs, and enabled fcgi debugging to log credentials from the system or SSH login attempts. The vulnerability is tracked as CVE-2025-32756 and affects the following product versions:
| Affected Product | Affected Versions | Fixed Versions |
|---|---|---|
| FortiVoice | 7.2.0 | Upgrade to 7.2.1 or above |
| FortiVoice | 7.0.0 through 7.0.6 | Upgrade to 7.0.7 or above |
| FortiVoice | 6.4.0 through 6.4.10 | Upgrade to 6.4.11 or above |
| FortiRecorder | 7.2.0 through 7.2.3 | Upgrade to 7.2.4 or above |
| FortiRecorder | 7.0.0 through 7.0.5 | Upgrade to 7.0.6 or above |
| FortiRecorder | 6.4.0 through 6.4.5 | Upgrade to 6.4.6 or above |
| FortiMail | 7.6.0 through 7.6.2 | Upgrade to 7.6.3 or above |
| FortiMail | 7.4.0 through 7.4.4 | Upgrade to 7.4.5 or above |
| FortiMail | 7.2.0 through 7.2.7 | Upgrade to 7.2.8 or above |
| FortiMail | 7.0.0 through 7.0.8 | Upgrade to 7.0.9 or above |
| FortiNDR | 7.6.0 | Upgrade to 7.6.1 or above |
| FortiNDR | 7.4.0 through 7.4.7 | Upgrade to 7.4.8 or above |
| FortiNDR | 7.2.0 through 7.2.4 | Upgrade to 7.2.5 or above |
| FortiNDR | 7.1 all versions | Migrate to a fixed release |
| FortiNDR | 7.0.0 through 7.0.6 | Upgrade to 7.0.7 or above |
| FortiNDR | 1.1 through 1.5 | Migrate to a fixed release |
| FortiCamera | 2.1.0 through 2.1.3 | Upgrade to 2.1.4 or above |
| FortiCamera | 2.0 all versions | Migrate to a fixed release |
| FortiCamera | 1.1 all versions | Migrate to a fixed release |
Fortinet has issued indicators of compromise in its security alert. If immediate patching is not possible, Fortinet recommends disabling the HTTP/HTTPS administrative interface.
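An inventory triage against the CVE-2025-32756 version table above, as an added example that is not from the original article or from Fortinet. The host names and inventory are constructed, and reading "1.1 through 1.5" as the branches 1.1 to 1.5 is an assumption.

```python
# Added example: triage an inventory against the CVE-2025-32756 table above.
# Branch -> first fixed release; None means the table says to migrate.
FIXED = {
    "FortiVoice":    {"7.2": "7.2.1", "7.0": "7.0.7", "6.4": "6.4.11"},
    "FortiRecorder": {"7.2": "7.2.4", "7.0": "7.0.6", "6.4": "6.4.6"},
    "FortiMail":     {"7.6": "7.6.3", "7.4": "7.4.5", "7.2": "7.2.8", "7.0": "7.0.9"},
    "FortiNDR":      {"7.6": "7.6.1", "7.4": "7.4.8", "7.2": "7.2.5", "7.1": None,
                      "7.0": "7.0.7",
                      # Assumption: "1.1 through 1.5" means branches 1.1 to 1.5.
                      "1.1": None, "1.2": None, "1.3": None, "1.4": None, "1.5": None},
    "FortiCamera":   {"2.1": "2.1.4", "2.0": None, "1.1": None},
}

def parse(version):
    """'6.4.10' -> (6, 4, 10); numeric tuples avoid '6.4.9' > '6.4.11' string bugs."""
    return tuple(int(p) for p in version.strip().lstrip("vV").split("."))

def triage(product, version):
    """Return (status, action) for one device, based only on the table."""
    branches = FIXED.get(product)
    if branches is None:
        return ("not-listed", "product is not in the table")
    v = parse(version)
    branch = ".".join(str(n) for n in v[:2])
    if branch not in branches:
        return ("unknown-branch", "branch not in the table; check the vendor advisory")
    fixed = branches[branch]
    if fixed is None:
        return ("affected", "migrate to a fixed release")
    if v < parse(fixed):
        return ("affected", f"upgrade to {fixed} or above")
    return ("fixed", "no action for this CVE")

# Constructed sample inventory (hypothetical hosts): (host, product, version).
INVENTORY = [
    ("pbx-01", "FortiVoice", "6.4.10"),
    ("mail-gw", "FortiMail", "7.4.5"),
    ("ndr-lab", "FortiNDR", "7.1.2"),
    ("cam-07", "FortiCamera", "2.1.3"),
]

def report(inventory):
    """Map each host to its (status, action) pair."""
    return {host: triage(product, version) for host, product, version in inventory}

if __name__ == "__main__":
    for host, result in report(INVENTORY).items():
        print(host, *result, sep="\t")
```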
Ivanti
Ivanti has issued a security advisory about two vulnerabilities affecting the Ivanti Endpoint Manager Mobile (EPMM) solution: one is a medium-severity flaw and the other is a high-severity flaw. The two vulnerabilities can be chained together to allow unauthenticated remote code execution. Ivanti explained that the two vulnerabilities are associated with open-source code used in EPMM, and are not within Ivanti’s code.
The medium-severity flaw is tracked as CVE-2025-4427 and is an authentication bypass flaw with a CVSS v3.1 severity score of 5.3. The second vulnerability is a remote code execution vulnerability with a CVSS v3.1 severity score of 7.2.
| Affected Product | Affected Versions | Fixed Versions |
|---|---|---|
| Ivanti Endpoint Manager Mobile | 11.12.0.4 and prior | 11.12.0.5 and later |
| Ivanti Endpoint Manager Mobile | 12.3.0.1 and prior | 12.3.0.2 and later |
| Ivanti Endpoint Manager Mobile | 12.4.0.1 and prior | 12.4.0.2 and later |
| Ivanti Endpoint Manager Mobile | 12.5.0.0 and prior | 12.5.0.1 and later |
Ivanti said users should upgrade to the latest version as soon as possible; however, risk can be greatly reduced if the user filters access to the API using the built-in Portal ACLs or an external WAF.