Smashing Security #154: A buttock of biometrics

The UK’s Labour Party kicks off its election campaign with claims that it has suffered a sophisticated cyber-attack, Apple’s credit card is accused of being sexist, and what is Google up to with Project Nightingale?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by John Hawes.

Medical data is being leaked by NHS pagers, and then broadcast for the world to see…

Medical data is being broadcast unencrypted by hospitals across the UK, as ambulances are directed to respond to 999 emergency calls.

Medical images and details of 24.3 million patients left exposed on the internet

Researchers discover that confidential images of X-rays, CT and MRI scans related to millions of patients has been left unprotected on hundreds of servers used by health providers worldwide.

Facebook’s secret plan to access hospital patient records

Facebook wanted to gobble up data from hospitals about their most vulnerable patients, and match it up with user profiles on the world’s biggest social network.

Elementary vulnerability exposed sensitive medical records on healthcare data website

A vulnerability allowed users of a healthcare data portal to access other users’ medical records and thereby view their sensitive information.

David Bisson reports.

Security scare over hackable heart implants

A US government probe into claims that certain heart implants are vulnerable to hacking attacks, has resulted in emergency security patches being issued for devices that cardiac patients have in their homes.

Read more in my article on the We Live Security blog.

Under attack: How hackers could remotely target your pacemaker

Once again, researchers have uncovered security flaws that could allow malicious hackers to attack implanted medical devices, such as heart pacemakers and cardiac defibrillators, with the potential to deliver fatal shocks.

Read more in my article on the Tripwire State of Security blog.

Advertising company given access to 1.6 million NHS patient records

The name of the advertising company?

You may have heard of it. It’s Google.

Imagine finding over 1400 software vulnerabilities in just one medical product…

Researchers have discovered over 1,400 vulnerabilities in the third-party software packages of an automated medical supply cabinet, the CareFusion Pyxis SupplyStation.

David Bisson reports.

Take care how you charge your phone when you’re in the hospital

What’s the harm of “plugging in” to snatch a few precious volts while you visit a sick friend or loved one, or as you wait around in the emergency room?

Perhaps more than you think, explains Bob Covello.

First report of simulated human being hacked – but don’t panic

As we connect more devices to each other and to the internet, we must think about the security implications.

Read more in my article on the Tripwire State of Security blog.

Could hackers give you a heart attack or drugs overdose? US authorities investigate

In the rush to embrace technology to save and improve the lives of patients, medical scientists may have forgotten something important: security.

Read more in my article for the We Live Security blog.

I’ve been hacked, and now I’m pregnant!

An embedded microchip that stops you from becoming pregnant? Would you trust it to protect itself properly from a hacker attack?

Yikes! Talk about the need for intrusion prevention…

Read more in my article on the We Live Security blog.