Malicious bug on Mission Health website rerouted financial info to hacker

Asheville, N.C.-based Mission Health has mailed patients letters indicating that their financial information may have been stolen, according to local ABC affiliate WLOS.

Mission Health discovered that a malicious code was infecting its store website and sending users' payment information to an unauthorized third party. The malicious code was present on the website between March 2016 and June 2019.

No patient information or medical records were exposed because of the vulnerability.

After finding the bug, Mission Health took the website offline and is completely rebuilding it. In a statement, Mission Health said the website was not part of its primary website, missionhealth.org.

"Mission Health takes the privacy and security of information very seriously. Regrettably, we recently identified and addressed a security incident that may have involved some of the information consumers provided when making purchases on the Mission Health eCommerce website, either at store.mission-health.org or shopmissionhealth.org," the health system said in a statement, according to WLOS.

The website was used for consumers to purchase health products.

More articles on cybersecurity:
8 hospitals, health systems hit by ransomware attacks
Cancer Treatment Centers of America alerts 3,200 patients of data breach
Why cyberattacks can be crippling to smaller hospitals

© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Top 40 Articles from the Past 6 Months