Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

The information of 8 million patients from Welltok, a US medical software provider, has been disclosed due to the zero-day vulnerability of MOVEit.

2024-04-22 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > IT Information >

Share

Shulou(Shulou.com)12/24 Report--

CTOnews.com, Nov. 27 (Xinhua)-- Welltok, a US medical software provider, recently issued a warning that it was hacked and leaked the data of 8493379 patients due to the zero-day vulnerability of MOVEit.

▲ source WelltokCTOnews.com Note: MOVEit is the database management software provided by Progress Software, which claims to encrypt user information and provide automation, analysis and failover functions. The ransomware group Clop began to use MOVEit's zero-day vulnerability CVE-2023-34362 to attack a number of enterprises and institutions since May this year.

It is reported that CVE-2023-34362 is a SQL injection vulnerability that allows hackers to directly access MOVEit Transfer databases with a CVSS risk score of 9.8. Progress Software patched the vulnerability on May 31, but there are still many enterprises that fail to update the patch in time or are hacked before installing the patch.

According to security company Emsisoft, Clop exploited the vulnerability to hack into a total of 2636 organizations and allegedly obtained more than 80 million personal data.

Welltok claimed that it had received a warning on July 26 that its servers had been hacked, but that Welltok had installed a patch for Progress Software before that, so it thought its system was not threatened.

However, in a routine inspection a few days ago, Welltok found that hackers had hacked into their own server as early as May 30 before installing the repair patch. The server stores patient data from 20 medical organizations, including names, addresses, phone numbers, e-mail addresses, health information, social security codes, diagnostic materials, and so on. Welltok has notified the affected patients on behalf of these organizations, but has not yet indicated how it will be compensated.

▲ diagram source Welltok

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

IT Information

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report