Healthcare system's ransomware attack allowed by known security flaw

Last month’s attack on MedStar Health’s computer systems came through a well-known security vulnerability in an application server


The recent ransomware attack on MedStar Health’s computer systems came through from a well-known security vulnerability in an application server, according to an article on the Healthcare Finance website.

The  attack occurred after hackers discovered that MedStar uses JBoss, an application server with a recognized design flaw. The hackers used a virus-like software to scan the Internet for vulnerable JBoss servers.

Security researchers found that the JBoss application server was routinely misconfigured to allow unauthorized outside users to gain control.

The US government, Red Hat Inc., and other groups released warnings about the security issue in February 2007 and March 2010. MedStar could have fixed the vulnerability by installing a patch for the system or manually deleting two lines of software code. 

Read the article.

 

 



April 19, 2016


Topic Area: Safety


Recent Posts

The Future of Healthcare Facility Construction Projects

Brian Cowperthwaite highlights the invisible work that impacts everyone who walks through a healthcare facility.


Ground Broken on Jupiter Medical Center's Second Hospital

The 53,000-square-foot hospital will include 29 inpatient beds, four operating rooms, 24-hour emergency services, a diagnostic laboratory and imaging services.


Singing River Health System Ensnared by Data Breach

Through an investigation, on February 10, 2026, SRHS learned that the unauthorized party had accessed certain SRHS files that contained patient information.


Partnering on Personnel: Strategies for Success

Environmental services in healthcare have special staffing circumstances. They must meet stringent compliance standards and maintain accreditations.


Kaiser Permanente Opens First Two Medical Offices in Northern Nevada

These are part of its joint venture with Renown Health.


 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

 
 
 
 

Healthcare Facilities Today membership includes free email newsletters from our facility-industry brands.

Facebook   Twitter   LinkedIn   Posts

Copyright © 2023 TradePress. All rights reserved.