Security News

24 million medical records exposed

Avast Security News Team, 20 September 2019

Plus, a FIN7 hacker pleads guilty to cybercrime, the Brazilian IT sector is up in arms over government plans, and ethical hackers will get a crack at an orbiting satellite

Testing the security of medical institutions, researchers found 24.3 million medical records unprotected. SC Magazine reported that the records spanned 52 countries and contained patient names, birthdays, examination dates, and miscellaneous medical information. Also among the data were 737 million images, including X-rays and lab results. Digging for explanations, researchers discovered vulnerabilities, some several years old, in the databases and apps that held the data. If they had been patched and updated, the leaks might have been prevented. Some researchers are calling for the medical field to give more careful consideration to whether or not certain information should be accessible online. “The medical industry faces a difficult issue in this area,” said Avast Security Evangelist Luis Corrons. “In some cases expensive medical equipment includes outdated Windows versions, requiring extra effort to protect and isolate those computers.”

This week’s stat 

One in every three consumers stop doing business with companies after a cybersecurity breach. Read more

FIN7 hacker pleads guilty, faces possible 25-year sentence

In one of the largest cybercrime cases ever handled by the FBI, a Ukrainian national has pleaded guilty to hacking and wire fraud charges. Radio Free Europe reported that Fedir Hladyr, 34, will pay $2.5 million in restitution and face up to 25 years behind bars for just two of the 26 counts against him. The U.S. attorney’s office plans to drop the other 24 counts, with experts speculating it may be part of a cooperation deal. Hladyr is part of the notorious hacking group FIN7, which the FBI claims stole and sold data from 15 million payment cards over the past four years, causing more than $100 million in losses. FIN7 operates and commits crimes around the globe, and the group has attacked businesses in 47 U.S. states as well as Washington, D.C.

This week’s quote

“Treasury is taking action against North Korean hacking groups that have been perpetrating cyberattacks to support illicit weapon and missile programs.” – Sigal Mandelker, U.S. Treasury Department. Read more

Brazilian IT industry criticizes government IT plan

More than 2,000 Brazilian IT firms that came together to form the trade body Assespro have strongly criticized the Brazilian government’s plan to privatize the state-owned tech firm Serpro. According to ZD Net, the decision to move the company into the private sector is an effort to significantly increase its customer base. Serpro currently makes 85% of its revenue from government clients, but the company intends to boost its amount of private sector customers from the current 1,300 to 4,000 by 2020. Assespro argues that this move would take business away from the commercial IT companies already working in Brazil. The trade body stated that in this situation, the state is working against society and using public money to generate private profit. Assespro also asserted that there is no constitutional backing for the government plan. 

U.S. Air Force will give ethicals hackers access to satellite

The U.S. Air Force will give ethical hackers a chance to break into the security of an orbiting satellite, Wired reported this week. At the Defcon hacker conference in Las Vegas last month, the Air Force allowed white-hat hackers to try to find vulnerabilities in the F-15 fighter-jet data system. The success of that event caused officials to think bigger. They will accept applications to the program in the next few months. A few researchers will be allowed to work on the satellite and attend next year’s Defcon for a live hacking demonstration. 

This week’s “must-read” on The Avast Blog

Avast researchers have found that Android flashlight applications request an average of 25 permissions to access data or features on mobile devices, potentially exposing users in unnecessary ways. 


Avast is a global leader in cybersecurity, protecting hundreds of millions of users around the world. Protect all of your devices with our award-winning free antivirus. Safeguard your privacy and encrypt your online connection with SecureLine VPN.