by Thomas Dworetzky
, Contributing Reporter | August 02, 2019
Some extensions for common browsers such as Firefox and Chrome collect or leak data, says a new study.
Players in the healthcare arena impacted by such occurrences include Athenahealth, CardinalHealth, Kaiser Permanente, Amgen, Merck, Pfizer, Roche, Epic, Kareo and DrChrono, according to the DataSpii report
“Even if you did not have one of the extensions, you may not be immune to the data leak,” said report author Sam Jadali, founder of an internet hosting service and originator of DataSpii, in a statement, adding, “If you or someone with whom you communicated online had one of the invasive extensions installed on your computer, you may have been impacted by the DataSpii leak."
Special-Pricing Available on Medical Displays, Patient Monitors, Recorders, Printers, Media, Ultrasound Machines, and Cameras.This includes Top Brands such as SONY, BARCO, NDS, NEC, LG, EDAN, EIZO, ELO, FSN, PANASONIC, MITSUBISHI, OLYMPUS, & WIDE.
Jadali began looking into browser extension privacy issues last year and recently determined that the add-on extensions that collected data included, Fairshare Unlock, SpeakIt!, Hover Zoom, PanelMeasurement, SaveFrom.net Helper, Panel Community Surveys, and Branded Surveys, according to ars technica
The browser extensions were mostly used with Chrome, as well as Firefox. Google's estimate puts the number of users of the extensions as high as 4.1. million.
The extensions typically gathered URLs, webpage titles and even embedded hyperlinks of all pages visited, with data made available for a price by Nacho Analytics, a fee-based service “which markets itself as 'God mode for the Internet' and uses the tag line 'See Anyone’s Analytics Account'.”
Through the pages and links some very sensitive information can be exposed, including tax returns, credit card information, usernames, passwords, private LAN structure, firewall access codes and API keys — much of which makes it easier to hack systems such as those used in healthcare.
Google and Mozilla responded to the report by disabling the extensions he had found, so users cannot get them as add-ons through their browser's sites.
“We are aware of the changing security landscape and, as such, have created a list of Recommended Extensions which are editorially vetted, security-reviewed, and monitored for safety and privacy by Mozilla,” said a company spokesperson, according to Forbes