Browser beware: Study uncovers data leaks that could impact health IT

by Thomas Dworetzky, Contributing Reporter | August 02, 2019

Some extensions for common browsers such as Firefox and Chrome collect or leak data, says a new study.

Players in the healthcare arena impacted by such occurrences include Athenahealth, CardinalHealth, Kaiser Permanente, Amgen, Merck, Pfizer, Roche, Epic, Kareo and DrChrono, according to the DataSpii report.

“Even if you did not have one of the extensions, you may not be immune to the data leak,” said report author Sam Jadali, founder of an internet hosting service and originator of DataSpii, in a statement, adding, “If you or someone with whom you communicated online had one of the invasive extensions installed on your computer, you may have been impacted by the DataSpii leak."

Jadali began looking into browser extension privacy issues last year and recently determined that the add-on extensions that collected data included, Fairshare Unlock, SpeakIt!, Hover Zoom, PanelMeasurement, SaveFrom.net Helper, Panel Community Surveys, and Branded Surveys, according to ars technica.

The browser extensions were mostly used with Chrome, as well as Firefox. Google's estimate puts the number of users of the extensions as high as 4.1. million.

The extensions typically gathered URLs, webpage titles and even embedded hyperlinks of all pages visited, with data made available for a price by Nacho Analytics, a fee-based service “which markets itself as 'God mode for the Internet' and uses the tag line 'See Anyone’s Analytics Account'.”

Through the pages and links some very sensitive information can be exposed, including tax returns, credit card information, usernames, passwords, private LAN structure, firewall access codes and API keys — much of which makes it easier to hack systems such as those used in healthcare.

Google and Mozilla responded to the report by disabling the extensions he had found, so users cannot get them as add-ons through their browser's sites.

“We are aware of the changing security landscape and, as such, have created a list of Recommended Extensions which are editorially vetted, security-reviewed, and monitored for safety and privacy by Mozilla,” said a company spokesperson, according to Forbes.



You Must Be Logged In To Post A Comment Sign In If you've already created an account, use your email address and password to sign in using the form below. Login Problems: Click here if you are having login issues. Email address: Password: Forgot your password? Login Problems? View our Legal Notice and Privacy Notice Register Registration is Free and Easy. Enjoy the benefits of The World's Leading New & Used Medical Equipment Marketplace. Register Now!