Issue link: https://beckershealthcare.uberflip.com/i/1169964
63 CIO / HEALTH IT Hacking vulnerability found in Philips ultrasound system By Mackenzie Garrity S ecurity researchers have discov- ered a vulnerability in Philips HDI 4000 Ultrasound systems that can be exploited to prevent proper diag- nosis, according to the HIPAA Journal. Hackers can gain access to ultrasound images through the vulnerability and steal data. They can also change ultra- sound images, which can prevent pa- tients from receiving correct medical treatment, reported the HIPAA Journal. Philips HDI 4000 Ultrasound sys- tems are supported by Windows 2000, an outdated operating system. Philips stopped selling these ultrasound systems in December 2013. However, many healthcare organizations continue to use the outdated ultrasounds. Since the devices are not supported by Philips, the company will not be releas- ing a patch to fix the vulnerability. Cybersecurity experts recommend us- ers restrict the ultrasound system's ac- cess to authorized individuals, the HI- PAA Journal reported. Hospitals and health systems have been advised to replace the technology. n Patient data from EHR vendors found for sale online By Jackie Drees G oogle Chrome and Mozilla Fire- fox browser extensions were used to extract and sell users' personal information from more than 50 companies, including EHR provid- ers DrChrono and Kareo, according to e Washington Post. Washington Post technology columnist Geoffrey Fowler and independent cybersecurity researcher Sam Jadali ex- amined the cybersecurity leak. In Mr. Jadali's report "DataSpii: e catastroph- ic data leak via browser extensions," he noted six Chrome and Firefox browser extensions that shared users' data with marketing intelligence service Nacho Analytics, which offered access to web- site data for $49 a month, according to the report. Collectively, the six brows- er extensions gathered data from more than 4 million users. e names of the browser extensions are Hover Zoom, SpeakIt!, SuperZoom, SaveFrom.net Helper, FairShare Unlock and Pan- elMeasurement. DrChrono, an EHR vendor, and Kareo, an EHR management soware, were listed among the companies whose us- ers' data were exposed on Nacho An- alytics' website. From DrChrono, Mr. Fowler and Mr. Jadali found informa- tion including patient names, physician names and medications listed. Kareo in- formation exposed were patient names. Kareo told the Post it is working to re- move names from its website page data. Since notifying Google and Mozilla of the cybersecurity leak, Google re- motely deactivated seven browser ex- tensions and Mozilla deactivated two, the Post reported. Mozilla also deacti- vated a browser extension in February. A few days aer the browser extensions were shut down, Nacho Analytics post- ed a statement to its website that it ex- perienced a "permanent" data outage and is no longer accepting new clients, according to the report. n Massachusetts General Hospital alerts 10,000 patients of data breach By Mackenzie Garrity B oston-based Massachusetts General Hospital in August began notifying 10,000 patients that their personal health information may have been ex- posed in a data breach, according to The Boston Globe. An unauthorized third party gained access to two computer programs used by re- searchers in the hospital's neurology department in June. Massachusetts General Hospital took immediate steps to secure the programs. Patient data that may have been affected included names, dates of birth, medical record numbers and medical histories. No Social Security numbers or financial information were affected. Massachusetts General Hospital is unaware of evidence that patient data has been misused. n Texas supermarket now selling shoppers telehealth visits By Mackenzie Garrity S hoppers at Texas-based H-E-B gro- cery stores can now purchase tele- health visits for up to $50 while buying produce. The supermarket partnered with Reliant Immune Diagnostics' to bring the com- pany's telehealth platform MDBox to H-E-B stores. Shoppers can go to select H-E-B phar- macies and purchase telehealth visits. From there, customers will download the MDBox app and answer a few basic ques- tions about symptoms. A few minutes lat- er, the patient is connected to a licensed medical provider. Through a video chat, the medical pro- vider can diagnose the patient and deter- mine a treatment plan. The provider can also write any needed prescriptions. n