Browser beware: Study uncovers data leaks that could impact health IT

Clean Sweep Live Auction on Wed. Sep. 18th. Click to view the full inventory

advertisement

Browser beware: Study uncovers data leaks that could impact health IT

by Thomas Dworetzky, Contributing Reporter | August 02, 2019
Cyber Security Health IT
Some extensions for common browsers such as Firefox and Chrome collect or leak data, says a new study.

Players in the healthcare arena impacted by such occurrences include Athenahealth, CardinalHealth, Kaiser Permanente, Amgen, Merck, Pfizer, Roche, Epic, Kareo and DrChrono, according to the DataSpii report.

“Even if you did not have one of the extensions, you may not be immune to the data leak,” said report author Sam Jadali, founder of an internet hosting service and originator of DataSpii, in a statement, adding, “If you or someone with whom you communicated online had one of the invasive extensions installed on your computer, you may have been impacted by the DataSpii leak."

THE (LEADER) IN MEDICAL IMAGING TECHNOLOGY SINCE 1982. SALES-SERVICE-REPAIR

Special-Pricing Available on Medical Displays, Patient Monitors, Recorders, Printers, Media, Ultrasound Machines, and Cameras.This includes Top Brands such as SONY, BARCO, NDS, NEC, LG, EDAN, EIZO, ELO, FSN, PANASONIC, MITSUBISHI, OLYMPUS, & WIDE.

Jadali began looking into browser extension privacy issues last year and recently determined that the add-on extensions that collected data included, Fairshare Unlock, SpeakIt!, Hover Zoom, PanelMeasurement, SaveFrom.net Helper, Panel Community Surveys, and Branded Surveys, according to ars technica.

The browser extensions were mostly used with Chrome, as well as Firefox. Google's estimate puts the number of users of the extensions as high as 4.1. million.

The extensions typically gathered URLs, webpage titles and even embedded hyperlinks of all pages visited, with data made available for a price by Nacho Analytics, a fee-based service “which markets itself as 'God mode for the Internet' and uses the tag line 'See Anyone’s Analytics Account'.”

Through the pages and links some very sensitive information can be exposed, including tax returns, credit card information, usernames, passwords, private LAN structure, firewall access codes and API keys — much of which makes it easier to hack systems such as those used in healthcare.

Google and Mozilla responded to the report by disabling the extensions he had found, so users cannot get them as add-ons through their browser's sites.

“We are aware of the changing security landscape and, as such, have created a list of Recommended Extensions which are editorially vetted, security-reviewed, and monitored for safety and privacy by Mozilla,” said a company spokesperson, according to Forbes.

You Must Be Logged In To Post A Comment