Healthcare system's ransomware attack allowed by known security flaw

Last month’s attack on MedStar Health’s computer systems came through a well-known security vulnerability in an application server


The recent ransomware attack on MedStar Health’s computer systems came through from a well-known security vulnerability in an application server, according to an article on the Healthcare Finance website.

The  attack occurred after hackers discovered that MedStar uses JBoss, an application server with a recognized design flaw. The hackers used a virus-like software to scan the Internet for vulnerable JBoss servers.

Security researchers found that the JBoss application server was routinely misconfigured to allow unauthorized outside users to gain control.

The US government, Red Hat Inc., and other groups released warnings about the security issue in February 2007 and March 2010. MedStar could have fixed the vulnerability by installing a patch for the system or manually deleting two lines of software code. 

Read the article.

 

 



April 19, 2016


Topic Area: Safety


Recent Posts

CRAB Alert: The EVS Role in Preventing Infection

CRAB is a Gram-negative bacterium that causes bloodstream infections, ventilator-associated pneumonia, surgical wound infections and meningitis in hospitalized patients.


Why Hospital Waiting Rooms Aren't Going Away

Despite advances in technology, thoughtfully designed reception spaces continue to evolve.


Ground Broken on Mount Sinai Tisch Cancer Hospital

The hospital is aiming to open in 2030 on Mount Sinai’s Upper East Side campus.


Design, Compartmentation, Training: How Defend-in-Place Strategies Can Protect Patients

Effective defend-in-place strategies depend on compartmentation, fire-rated assemblies and ongoing staff training to protect patients who cannot quickly evacuate.


Milestone Marked with Topping Out Ceremony for BayCare Hospital Manatee

Construction remains on schedule, with crews continuing work on interior spaces, infrastructure and clinical areas throughout the facility.


 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.