Healthcare system's ransomware attack allowed by known security flaw

Last month’s attack on MedStar Health’s computer systems came through a well-known security vulnerability in an application server


The recent ransomware attack on MedStar Health’s computer systems came through from a well-known security vulnerability in an application server, according to an article on the Healthcare Finance website.

The  attack occurred after hackers discovered that MedStar uses JBoss, an application server with a recognized design flaw. The hackers used a virus-like software to scan the Internet for vulnerable JBoss servers.

Security researchers found that the JBoss application server was routinely misconfigured to allow unauthorized outside users to gain control.

The US government, Red Hat Inc., and other groups released warnings about the security issue in February 2007 and March 2010. MedStar could have fixed the vulnerability by installing a patch for the system or manually deleting two lines of software code. 

Read the article.

 

 



April 19, 2016


Topic Area: Safety


Recent Posts

How Backup Power Needs Vary Across Healthcare Settings

Manufacturers discuss how evolving codes, technologies and care settings shape healthcare backup power strategies.


Flexible Design Strategies Help OhioHealth Maximize Clinical Space

Doing more with less was key to the renovated facility’s design.


New Bass Center for Childhood Cancer and Blood Diseases Opens

The new space not only offers more exam rooms but also features 15 private infusion bays to allow privacy for all patients and their caregivers during treatment.


Encompass Health Rehabilitation Hospital of Daytona Beach Opens

Hospital amenities include all private patient rooms, a spacious therapy gym featuring advanced rehabilitation technologies, an activities of daily living suite and more.


What Healthcare Facilities Can Learn from a $49 Million Window Failure

A major window system failure at the University of Iowa’s Children’s Hospital sparked a costly replacement project – and a $49.4 million arbitration win.


 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

 
 
 
 

Healthcare Facilities Today membership includes free email newsletters from our facility-industry brands.

Facebook   Twitter   LinkedIn   Posts

Copyright © 2023 TradePress. All rights reserved.