Healthcare Security
In-depth guides and analysis on healthcare security from the Safeguard engineering team.
3 articles
Eppendorf BioFlo 320 Bioreactor: A Hard-Coded VNC Password Earns CVSS 9.8 (CISA ICSMA-26-146-01, May 2026)
CISA's May 26, 2026 medical advisory flags CVE-2026-7251, a hard-coded VNC password in all versions of the Eppendorf BioFlo 320 bioreactor. A remote attacker who reaches the device gets full control of cell-culture and bioprocess parameters. We break down the flaw and the fix.
NYC Health + Hospitals Vendor Breach: 1.8 Million Records, Including Biometrics, Exposed (May 2026)
A months-long intrusion through a third-party vendor exposed medical records, government IDs, geolocation, and fingerprint and palm-print biometrics for at least 1.8 million people at the largest U.S. public health system. We unpack the dwell time and the third-party blast radius.
Shield Health Group Data Breach: 2 Million Patient Records Exposed
A breach at Shield Health Group, a Massachusetts medical imaging provider, exposed personal and medical data of approximately 2 million patients — highlighting the healthcare sector's persistent vulnerability.