Urgent Action Required by MOVEit Automation Users
Progress Software has issued a warning to customers about a critical authentication bypass vulnerability within the MOVEit Automation application. MOVEit Automation is a managed file transfer (MFT) that serves as a central automation orchestrator for scheduling and managing file transfer between different systems, including on-premises servers, cloud storage, and third-party partners. Remotely exploitable vulnerabilities in Internet-facing MFT applications are targeted by threat actors. Certain threat groups such as Cl0p have actively targeted enterprise-grade MFTs, mass exploiting the vulnerabilities in attacks on dozens and, in some cases, thousands of users. The critical authentication bypass vulnerability has a CVSS v3.1 base score of 9.8 out of 10 and is tracked as CVE-2026-4670 and can be exploited by a remote attacker with no privileges in a low-complexity attack. The vulnerability affects MOVEit Automation versions prior to 2025.1.5, 2025.0.9, and 2024.1.8. A second high-severity privilege escalation vulnerability has also been identified. The flaw, tracked as...
World Password Day 2026 – Password Tips and Best Practices
Thursday, May 7, 2026, is World Password Day – an event originally established in 2013 and observed on the first Thursday of May each year that has the goal of improving awareness of the importance of creating complex and unique passwords and adopting password best practices to keep sensitive information private and confidential. Passwords were first used to protect accounts against unauthorized access in computing environments in the 1960s. In 1961, researchers at the Massachusetts Institute of Technology (MIT) started using the Compatible Time-Sharing System (CTSS). The system ran on an IBM 709, and users could access the system through a dumb terminal, with passwords used to prevent unauthorized access to users’ personal files. The system is widely believed to be the first to use passwords and was also one of the first to experience a password breach. In the mid-1960s, MIT Ph.D. researcher Allan Scherr needed more than his allotted 4-hour CTSS time to run performance simulations he had designed for the computer system. He discovered a way to print out all passwords stored...
HIPAA Compliance Officer Duties in Small Medical Practices
Article Summary Defining the compliance officer role distinguishes program oversight from performing every compliance task personally. Building and maintaining the compliance program establishes the policy library, training schedule, and documentation system the program operates within. Internal monitoring and auditing confirms the practice’s actual operations match its written policies. Duties a HIPAA Compliance Officer typically performs include risk analysis coordination, training review, and incident intake. Managing the complaint and incident intake process gives patients and staff a defined path for raising a HIPAA concern. Corrective action plans assign specific steps, a responsible party, and a completion timeline for every identified gap. Serving as the point of contact for regulators requires organized documentation the Compliance Officer can produce during an OCR inquiry. Keeping the compliance officer role current depends on ongoing education and documented transition planning for the role. HIPAA Compliance Officer Role in a Small Practice A HIPAA Compliance...
Frequency and Severity of Hacks of Medical Devices Increasing
Healthcare organizations are increasingly concerned about medical device security and for good reason – attacks targeting or impacting medical devices are increasing, and those attacks are negatively impacting patient care. Adoption of AI-enabled and AI-assisted medical devices is increasing, despite serious concerns about the cybersecurity risks associated with the devices, and legacy devices continue to be used past end-of-support, despite those devices containing known and unpatched vulnerabilities. According to a recent survey by RunSafe Security, conducted on 551 healthcare professionals involved in device purchasing decisions in the U.S., UK, and Germany, healthcare organizations are getting better at reducing medical device security risks, although the underlying risks remain significant, and in many cases are increasing in severity and impact. When questioned about medical device cybersecurity, 59% of respondents said they are extremely or very concerned about a cybersecurity incident impacting medical devices, with almost one-quarter reporting that such an attack has...
Ransomware Attack on Good Samaritan Health Center Affects 10,000 Individuals
Data breaches have recently been announced by Good Samaritan Health Center, Wonderland Child & Family Services, and L.A. Care Health Plan. Good Samaritan Health Center Good Samaritan Health Center in Atlanta, Georgia, has notified 10,000 individuals about a February 9, 2026, ransomware attack on one of its internal servers. The attack was identified on February 9, 2026, and the server was isolated to contain the attack. The server was restored from backups on the same day. Good Samaritan Health Center said it has found no evidence to suggest that there has been any misuse of data stored on the server, nor was evidence found of any public disclosure of patient data after the attack; however, Good Samaritan Health Center could not rule out the possibility that data had been accessed or stolen. Data on the server was reviewed, and the files were found to contain names, dates of birth, zip codes, and limited clinical information. Social Security numbers and financial information were not compromised as they were not stored on the server. Good Samaritan Health Center said it has...



