RockYou was compromised through one of the most basic web vulnerabilities. MedSecure's web applications, patient portals, and APIs must be tested for injection vulnerabilities.