America's Frontline Doctors: Difference between revisions

From Enlace Hacktivista
Jump to navigation Jump to search
(Created page with "Hack of Cadence Health tele-medicine platform and Ravkoo Pharmacy used by America's Frontline Doctors to prescribe and distribute ivermectin and hydroxychloroquine as a cure for COVID-19. * [https://theintercept.com/2021/09/28/covid-telehealth-hydroxychloroquine-ivermectin-hacked/ The Intercept: Network of Right-Wing Health Care Providers Is Making Millions Off Hydroxychloroquine and Ivermectin, Hacked Data Reveals] * [https://theintercept.com/2021/11/01/covid-hydroxych...")
 
mNo edit summary
 
Line 1: Line 1:
Hack of Cadence Health tele-medicine platform and Ravkoo Pharmacy used by America's Frontline Doctors to prescribe and distribute ivermectin and hydroxychloroquine as a cure for COVID-19.
Hack of Cadence Health tele-medicine platform and Ravkoo Pharmacy used by the right-wing America's Frontline Doctors group to prescribe and distribute ivermectin and hydroxychloroquine as false cures for COVID-19.


* [https://theintercept.com/2021/09/28/covid-telehealth-hydroxychloroquine-ivermectin-hacked/ The Intercept: Network of Right-Wing Health Care Providers Is Making Millions Off Hydroxychloroquine and Ivermectin, Hacked Data Reveals]
* [https://theintercept.com/2021/09/28/covid-telehealth-hydroxychloroquine-ivermectin-hacked/ The Intercept: Network of Right-Wing Health Care Providers Is Making Millions Off Hydroxychloroquine and Ivermectin, Hacked Data Reveals]

Latest revision as of 04:57, 24 December 2021

Hack of Cadence Health tele-medicine platform and Ravkoo Pharmacy used by the right-wing America's Frontline Doctors group to prescribe and distribute ivermectin and hydroxychloroquine as false cures for COVID-19.

Explanation of the Hack

The hacker told The Intercept that Cadence Health and Ravkoo were “hilariously easy” to hack. The websites of both companies had broken access controls, one of the most common mistakes in web application security.

The Cadence Health website only validated user input on the client side, not the server side, according to the hacker. This means that when a user accesses the telemedicine site the normal way, by loading the site in their browser, they can only access their own data, but if they write a program that tries to access other data on the server, the server will respond with that data. The hacker simply asked the server for all patient data.

The Ravkoo website had a “hidden admin panel that every user can log in to and view all the data,” according to the hacker. Using this admin panel, the hacker was able to exfiltrate all of the online pharmacy’s prescription data.