Patch Released for Actively Exploited Citrix NetScaler Zero Day Vulnerability

Citrix has released patches to fix three vulnerabilities that affect the NetScaler Application Delivery Controller (ADC) and NetScaler Gateway appliances – formerly Citrix ADC/Citrix Gateway – including a zero day bug that is being actively exploited in the wild.

The solutions are used by healthcare organizations for remote access and improving the performance, security, and resiliency of application delivery, including electronic medical records. The extent to which the vulnerability is being exploited has not been confirmed by Citrix; however, security researchers expect it to be widely exploited now that it has been announced, as vulnerabilities in Citrix appliances are targeted by hackers of all skill levels.

The critical flaw is tracked as CVE-2023-3519 and has been assigned a CVSS v3.1 severity score of 9.8 out of 10. Successful exploitation of the flaw would allow a remote, unauthenticated attacker to execute code on a vulnerable appliance. The vulnerability can be exploited if the appliance is running a vulnerable version and is configured as a gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or an authentication virtual server (AAA server).

The other two vulnerabilities, both high severity, are not believed to have been exploited at the time of the announcement. The first is a cross-site scripting vulnerability – CVE-2023-3466 – which has a CVSS severity score of 8.3. The vulnerability can be exploited if the victim accesses an attacker-controlled link in a browser while on a network with connectivity to the NetScaler IP. The second – CVE-2023-3467 – is a privilege escalation flaw with a CVSS score of 8.0. Exploitation allows privilege escalation to root administrator (nsroot). An attacker could exploit the flaw with authenticated access to NSIP or SNIP with management interface access.

The vulnerabilities have been fixed in the following NetScaler ADC and NetScaler Gateway versions:

  • NetScaler ADC and NetScaler Gateway 13.1-49.13 and later releases
  • NetScaler ADC and NetScaler Gateway 13.0-91.13 and later releases of 13.0
  • NetScaler ADC 13.1-FIPS 13.1-37.159 and later releases of 13.1-FIPS
  • NetScaler ADC 12.1-FIPS 12.1-55.297 and later releases of 12.1-FIPS
  • NetScaler ADC 12.1-NDcPP 12.1-55.297 and later releases of 12.1-NDcPP

Customers that are still using version 12.1 have been advised to upgrade to a supported version, as version 12.1 has reached end-of-life.
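The fixed-build list above can be applied to an appliance inventory as a patch check. This is an added example, not code from Citrix or HIPAA Journal; the function names, the edition labels and the sample inventory are assumptions made for illustration. The edition has to be supplied alongside the build because 13.1-37.159 counts as fixed only on the 13.1-FIPS branch.

```python
import re

# First fixed build per (release, edition), taken from the list above.
FIXED = {
    ("13.1", "standard"): (49, 13),
    ("13.0", "standard"): (91, 13),
    ("13.1", "FIPS"): (37, 159),
    ("12.1", "FIPS"): (55, 297),
    ("12.1", "NDcPP"): (55, 297),
}
VERSION_RE = re.compile(r"^(\d+\.\d+)-(\d+)\.(\d+)$")


def patch_status(version, edition="standard"):
    """Classify a build such as '13.1-48.47' as 'fixed', 'unpatched',
    'end-of-life' or 'unknown'. edition: 'standard', 'FIPS' or 'NDcPP'."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    release, build = m.group(1), (int(m.group(2)), int(m.group(3)))
    if release == "12.1" and edition == "standard":
        return "end-of-life"  # no fixed build listed; upgrade to a supported version
    fixed = FIXED.get((release, edition))
    if fixed is None:
        return "unknown"  # release/edition not covered by the list
    # Compare as integer tuples: build 91.9 is older than 91.13,
    # although "91.9" sorts after "91.13" as text.
    return "fixed" if build >= fixed else "unpatched"


def needs_action(inventory):
    """Return (host, status) for every appliance that is not on a fixed build."""
    results = [(host, patch_status(ver, ed)) for host, ver, ed in inventory]
    return [(host, status) for host, status in results if status != "fixed"]


# Constructed sample inventory (hostnames and builds are illustrative only).
SAMPLE_INVENTORY = [
    ("adc-01", "13.1-49.13", "standard"),
    ("adc-02", "13.0-91.9", "standard"),
    ("adc-03", "13.1-37.159", "FIPS"),
    ("adc-04", "13.1-37.159", "standard"),
    ("adc-05", "12.1-65.25", "standard"),
]

if __name__ == "__main__":
    for host, status in needs_action(SAMPLE_INVENTORY):
        print(f"{host}: {status}")
```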

The post Patch Released for Actively Exploited Citrix NetScaler Zero Day Vulnerability appeared first on HIPAA Journal.

Tampa General Hospital Says Hackers Exfiltrated the Data of 1.2 Million Patients

Tampa General Hospital has recently confirmed that hackers gained access to its network and stole files containing the protected health information of up to 1.2 million patients. A security breach was detected on May 31, 2023, when suspicious activity was identified within its network. The affected systems were immediately taken offline to prevent further unauthorized access, and a third-party digital forensics firm was engaged to investigate the incident and determine the nature and scope of the attack.

The investigation confirmed that unauthorized individuals had access to its network for three weeks between May 12 and May 30, 2023, during which time they exfiltrated files containing patient information. The information compromised in the incident varied from individual to individual and may have included names, phone numbers, addresses, dates of birth, Social Security numbers, medical record numbers, patient account numbers, dates of service, health insurance information, and limited treatment information. Tampa General Hospital confirmed that the hackers did not gain access to its electronic medical record system.

Tampa General Hospital said this was an attempted ransomware attack and, while data theft occurred, its security systems prevented files from being encrypted. Additional technical security measures have now been implemented to harden its systems and prevent further data breaches, and network monitoring has been enhanced to ensure that any future security breaches are detected rapidly.

Notification letters will be mailed to affected individuals when contact information has been verified. Tampa General Hospital said affected individuals will be offered complimentary credit monitoring and identity theft protection services.

The post Tampa General Hospital Says Hackers Exfiltrated the Data of 1.2 Million Patients appeared first on HIPAA Journal.