by Kim Singletary | Apr 15, 2026 | Blog
This post documents a blind time-based SQL injection in the PostCalendar module discovered in OpenEMR 8.0.0. The SQL injection is exploitable by an authenticated admin user and illustrates how a single determined attacker with a valid session can move from nuisance to...
by Lisa Munro | Apr 2, 2026 | Blog
For years, healthcare cyber risk was framed around the perimeter. Firewalls. Endpoints. Network defenses. The digital equivalent of locked doors and reinforced windows. That model no longer reflects how healthcare operates. Care now runs across cloud platforms, EHRs,...
by Lisa Munro | Mar 2, 2026 | Blog
A True Story on Implementation
Healthcare did not wake up one morning and decide to adopt a new cybersecurity framework. Healthcare got here the way it gets to most operational change, through pressure and accumulation. Ransomware that shuts down clinics, third-party...
by Lisa Munro | Jan 26, 2026 | Blog
The 2026 J.P. Morgan Healthcare Conference reinforced a familiar but increasingly disciplined theme among healthcare investors: selective optimism. While expectations for a broad M&A rebound remain measured, private equity sponsors are nonetheless ready to deploy...
by Lisa Munro | Jan 23, 2026 | Blog
A conversation with Greg Garcia
For much of the past decade, cyber risk in healthcare has been defined by reaction. Breaches exposed after the fact. Ransomware incidents that shut down operations overnight. Emergency funding and crisis communications layered on top of...
by Lisa Munro | Jan 23, 2026 | Blog
January 2026 OCR Update: In its January 2026 Cybersecurity Newsletter, the HHS Office for Civil Rights (OCR) delivered one of its most direct statements yet about how it expects HIPAA-regulated entities to approach cybersecurity going forward. OCR stated they will...