Saturday, October 22, 2022

Aurora Data Breach Was Epic Systems Flaw

You'll note that Epic Systems managed to keep its name out of this--so far.

A data breach at Wisconsin's largest health care system may have exposed up to 3 million Wisconsin and Illinois patients' health information, according to information submitted to the U.S. Department of Health and Human Services.

The breach, which occurred Oct. 14, was reported to the federal agency Friday. The information at risk includes patients' medical providers, IP addresses, dates and locations of scheduled appointments, among other sensitive materials.

In its notice, the company said no Social Security or financial information was breached....

So how did this happen??

 ...The hospital system uses online tracking technologies like Google and Facebook and its "pixels" — or tiny bits of code or images — that collect data on users and the information they see on a page, which made its platform vulnerable to attack, according to its notice this week. Those pixels were on "patient portals" through its MyChart and LiveWell websites and applications, which track and send data on users to third-parties....

And who makes "MyChart"?

Epic Data Systems, which has a reputation for serious code-writing problems.  There are several small IT shops in Madison which 'fix' Epic's problems and they're all doing very well indeed!

Who makes "LiveWell"?

Not too easy to figure out.

No comments: