Healthcare system's ransomware attack allowed by known security flaw

Last month’s attack on MedStar Health’s computer systems came through a well-known security vulnerability in an application server


The recent ransomware attack on MedStar Health’s computer systems came through from a well-known security vulnerability in an application server, according to an article on the Healthcare Finance website.

The  attack occurred after hackers discovered that MedStar uses JBoss, an application server with a recognized design flaw. The hackers used a virus-like software to scan the Internet for vulnerable JBoss servers.

Security researchers found that the JBoss application server was routinely misconfigured to allow unauthorized outside users to gain control.

The US government, Red Hat Inc., and other groups released warnings about the security issue in February 2007 and March 2010. MedStar could have fixed the vulnerability by installing a patch for the system or manually deleting two lines of software code. 

Read the article.

 

 



April 19, 2016


Topic Area: Safety


Recent Posts

Texas Law Limits Backup Power Mandates for Senior Care Facilities

As Texas relaxes generator mandates, healthcare facility managers now face tough decisions about emergency power investments and resident safety.


Cyber Crossfire: Why Healthcare Is Becoming a Battleground in Global Conflicts

As geopolitical tensions escalate, hospitals and critical suppliers are increasingly targeted in cyberattacks.


UPMC Presbyterian Receives $65 Million Gift for New Bed Tower

The tower is projected to open for patient care in early 2027.


Premier Health Partners Falls Victim to Cyber Incident

The incident occurred in July 2023.


Backup Power's Expanding Role in Emergency Preparedness for Healthcare

Manufacturers discuss design strategies, code shifts and lessons learned from real-world disasters.


 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.