The hackers who badly disrupted operations at a large hospital chain by holding its data hostage broke in through a computer server that had been left vulnerable despite serious public warnings dating back to at least 2007, and that could have been fixed with a simple update, the Associated Press reports.
Hackers Broke Into Hospitals Despite Warnings of Software Glitch
The hackers exploited design flaws that had remained on the MedStar Health network, according to a person familiar with the investigation who spoke on condition of anonymity because they were not authorized to discuss the matter publicly. The person said the flaws were in the JBoss application server, which is supported by Red Hat Inc. and other organizations.
The FBI is investigating the matter but declined to say how the hackers broke in.
JBoss technology is popular because it lets programmers write custom software tools that can be made available across a company almost instantly; however, security researchers have found that it is frequently misconfigured in ways that let unauthorized outside users gain access, typically by leaving its administrative consoles reachable from the internet without authentication.
“The U.S. government, Red Hat and others issued urgent warnings about the security problem and a related flaw in February 2007, March 2010 and again earlier this week. The government warned in 2007 that the problem could disrupt operations and allow for unauthorized disclosures of confidential information,” according to the Associated Press.
“It was not immediately clear why the hospital chain, which operates 10 hospitals in Maryland and Washington including the MedStar Georgetown University Hospital, was still vulnerable years after those warnings. The new disclosure doesn’t diminish the potential culpability of the hackers responsible for the break-in, but it reveals important details about how the crime unfolded. And it could affect MedStar’s civil or administrative exposure under U.S. laws and regulations that require health providers to exercise reasonable diligence to protect their systems”.
“If you haven’t patched your server, you’re vulnerable, and it can compromise your server at 3 a.m. in the morning when no one’s watching,” said Craig Williams, a senior technical leader at Talos, Cisco’s security research organization. “This is simply a case of people not following best practices and not applying patches for people to correct their systems.”
“Identifying the hackers and arresting them can be difficult. Tracing the scanning activity preceding an attack typically leads to other hacked computers; logs that might yield identifying clues can be manipulated or deleted, and the SamSam software is unusually self-sufficient and doesn’t require hackers to control it after an infection. Ransoms are paid using hard-to-trace digital currency.”
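The article says JBoss is frequently misconfigured so outsiders can reach it, and that scanning activity precedes an attack and leaves traces in logs. The script below is an added example, not code from the article, from MedStar or from Red Hat: it reads web-server access-log lines in the common "combined" format and flags requests aimed at the management URLs that shipped with older JBoss Application Server releases (the JMX console, the web console and the invoker servlets), plus requests to those consoles using verbs other than GET and POST, which is how the 2010 JMX console issue was abused when the security constraint only covered those two methods. The endpoint list and the log lines are constructed for the demonstration; adapt the paths to what your own deployment exposes.

```python
"""Flag access-log lines that look like scanning for exposed JBoss
management endpoints.  Added example, not code from the article;
the endpoint paths are those shipped with older JBoss AS releases
and the sample log lines are constructed for this demonstration."""
import re
from collections import defaultdict

# Management URLs of older JBoss AS installs that should never be reachable
# from the internet.  Assumed list for the example; extend for your deployment.
JBOSS_ADMIN_PATHS = (
    "/jmx-console",
    "/web-console",
    "/invoker/JMXInvokerServlet",
    "/invoker/EJBInvokerServlet",
)

# Apache / nginx "combined" log format: ip ident user [time] "METHOD path proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample log (RFC 5737 documentation addresses, not real hosts).
SAMPLE_LOG = """\
203.0.113.7 - - [28/Mar/2016:03:02:11 +0000] "GET /jmx-console/ HTTP/1.1" 401 1234 "-" "Mozilla/5.0"
203.0.113.7 - - [28/Mar/2016:03:02:12 +0000] "GET /web-console/ HTTP/1.1" 401 1234 "-" "Mozilla/5.0"
203.0.113.7 - - [28/Mar/2016:03:02:13 +0000] "HEAD /jmx-console/HtmlAdaptor?action=inspectMBean&name=jboss.system:type=Server HTTP/1.1" 200 0 "-" "Mozilla/5.0"
198.51.100.22 - - [28/Mar/2016:03:05:40 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.22 - - [28/Mar/2016:03:05:41 +0000] "GET /jmx-console/ HTTP/1.1" 403 512 "-" "curl/7.47"
192.0.2.55 - - [28/Mar/2016:03:06:00 +0000] "POST /invoker/JMXInvokerServlet HTTP/1.1" 200 98 "-" "Java/1.7"
"""


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["status"] = int(entry["status"])
    return entry


def is_admin_path(path):
    """True if the request path (query string ignored) is a JBoss management URL."""
    p = path.split("?", 1)[0]
    return any(p == base or p.startswith(base + "/") for base in JBOSS_ADMIN_PATHS)


def classify(entry):
    """Return finding labels for one parsed entry; empty list if it is benign."""
    findings = []
    if not is_admin_path(entry["path"]):
        return findings
    if entry["method"] not in ("GET", "POST"):
        # Security constraints that list only GET and POST let HEAD/PUT/DELETE
        # requests past the authentication check on the console (the 2010 issue).
        findings.append("verb-tampering")
    if entry["status"] == 200:
        findings.append("console-reachable")   # the console answered: exposed
    elif entry["status"] in (401, 403):
        findings.append("console-probed")      # blocked, but someone is looking
    return findings


def scan_log(lines, threshold=3):
    """Group findings per source IP.  An IP is reported if it touched the
    management URLs at least `threshold` times or ever got a 200 from them."""
    per_ip = defaultdict(lambda: {"hits": 0, "findings": set()})
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        findings = classify(entry)
        if findings:
            per_ip[entry["ip"]]["hits"] += 1
            per_ip[entry["ip"]]["findings"].update(findings)
    return {
        ip: {"hits": v["hits"], "findings": sorted(v["findings"])}
        for ip, v in per_ip.items()
        if v["hits"] >= threshold or "console-reachable" in v["findings"]
    }


if __name__ == "__main__":
    for ip, info in scan_log(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {info['hits']} hit(s) on JBoss admin URLs -> {', '.join(info['findings'])}")
```

Any "console-reachable" finding means the console answered an outside request and the server needs the update and an access restriction, not just monitoring; "console-probed" entries are the scanning the article describes and are worth correlating with later events even when every probe was rejected.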