Philips Data Breach Exposes Patients To Medicare Fraud

In mid-2023, Philips was notified of a security vulnerability that affected Care Orchestra and Encore Anywhere, the two patient management platforms used by clinicians and DMEs to monitor patients remotely and bill insurance providers for supplies etc.

After a lengthy investigation, Philips found that hackers had indeed exploited the vulnerability and accessed the database that included your name, address, date of birth, email address, phone number, patient ID, facility ID, device serial number, modem serial number, physician and device usage.

They have not mentioned that medical insurance information was accessed; however, when you enter a patient's personal details into Care Orchestra, you also enter all that insurance information, and although I'm not an expert, I find it very hard to believe that they encrypted that information but failed to encrypt the personal data etc. It's only speculation, I know. However, this is Philips.
Comments

Just when you think it can't get any worse . . . .

cardinalflower

So glad I chose ResMed 3 yrs ago when given a choice without any help over Philips. Dodged a bullet.

sirenmuscle

Thanks for your continued follow-ups on the Philips saga! It's definitely a good idea to get the word out to keep an eye out for any kind of insurance fraud.

That said, and not looking to defend Philips, but 2:00 - not necessarily. With a large infrastructure it wouldn't be uncommon for financial data to be stored separate from a server hosting the data described in the breach; the screenshot in your example could be on a separate database (and server/cluster) from the one that was breached.

The reasons for different servers - when operating at scale you often don't want the same server that's getting hammered by the CPAP submitting logs to be the same server that's also serving up the web application data, and also the same server that's running billing reports... So, you segregate the data out to different servers and only replicate what's needed for that particular server and the applications connecting to it to operate - it also helps from a security standpoint by compartmentalizing the data (the person billing you has no need to see your AHI score last night, and the doctor shouldn't need to know how Philips is billing you, so why even have the data on servers they can access). If I were to take a shot based on the disclosure text, it sounds like the compromised DB is the one that makes the device logs available to the doctors - but they could also be omitting the true extent.

danb.

Between this and recalled machines I think they should be shut down along with any supplier that knew there was a problem with their machines.

tinakondo

This is why we need to go back to fax machines!

lockpickingengineer

Well, incidentally I received today Philips' letter warning me about this breach, but since I've never used any online data system I think I am not really in any danger 🤷🏽‍♂️

HeadroomPR

I know I have mail from them. I have in my mailbox, this is how I found you.

Lvemylife

I have a Philips DreamStation (not DreamStation 2) from the hospital on loan for free as I can’t afford to buy one. I feel like I’m putting my health at risk using it. Is it safe to use?

ayianaarthur

As someone who has created over 1000 of said accounts, I would never bother putting in the insurance info, too much else to do lol, so I guess that’s a good thing.

ghatmen

You have to keep track of all your Medicare notices and make sure it was yours, also your gap plan as well.

jeffreyjourdonais

And what about Medicare not anything different. We had to get new ID cards.

frankrinaldi