Healthcare Databases Exposed, Facebook’s Photo API Bug, Signal Speaks Out – WB48




Watch this episode on our YouTube channel!

This is your Shared Security Weekly Blaze for December 24th 2018 with your host, Tom Eston. In this week’s episode: Healthcare databases exposed, Facebook’s Photo API bug, and Signal speaks out.

Silent Pocket is a proud sponsor of the Shared Security Podcast! Silent Pocket offers a patented Faraday cage product line of phone cases, wallets and bags that can block all wireless signals, which will make your devices instantly untrackable, unhackable and undetectable. Use discount code “sharedsecurity” to receive 15% off of your order. Visit silent-pocket.com to take advantage of this exclusive offer.

Hi everyone, welcome to the Shared Security Weekly Blaze, where we update you on the top 3 cybersecurity and privacy topics from the week. These podcasts are published every Monday and are 15 minutes or less, quickly giving you “news that you can use”.

A new report called “Chronic [Cyber] Pain: Exposed & Misconfigured Databases in the Healthcare Industry,” from threat intelligence firm IntSights, shows that about 30 percent of all healthcare databases end up unsecured and exposed to the Internet.

Key findings from their research include 90 hours of research that found 15 exposed databases containing 1.5 million patient records. Based on their calculations this results in approximately 16,667 medical records discovered. The report also notes that the estimated price on the black market is $1 for a single medical record. Exposed databases were found using popular cloud data storage and sharing databases like Elasticsearch or MongoDB. Exposed and misconfigured Elasticsearch databases in particular have been a source of countless data breaches this year, including one that we discussed on the podcast, the Exactis data leak, which exposed 340 million records back in July. Other interesting attack vectors that led to healthcare databases being exposed include legacy and outdated file sharing protocols such as SMB and FTP, as well as misconfigured APIs and, of course, our favorite, weak passwords.

Recommendations from the report are the always-standard security recommendations, such as enabling two-factor authentication for web applications, limiting third-party access to databases, closely monitoring databases for unusual reads or requests, limiting database access to specific IP ranges, and conducting penetration testing to find exposed systems and vulnerabilities.

One recommendation I would add is for healthcare organizations to evaluate what systems and databases may be exposed to the Internet and to have a process for discovering exposed systems on a continual basis. Certainly, penetration testing can be used for a point-in-time assessment, but using vulnerability scanning and other discovery services on all company-owned or third-party-managed systems that are exposed to the Internet should be part of any good cybersecurity program.

Edgewise Networks is the first zero trust platform that stops data breaches by allowing only verified software to communicate in your cloud and data center.

Micro segmentation projects can be costly and difficult, but Edgewise offers a new approach: zero trust segmentation. Without any changes to your network environment, Edgewise puts your data at the heart of your securi


Published on 7 years ago





