MedStar says 2007, 2010 software flaws were not part of hack

April 6, 2016 by Tami Abdollah
In this March 28, 2016 file photo, a sign covers the door to MedStar Georgetown University Hospital in Washington. MedStar Health Inc. said April 6 that hackers who seriously disrupted its operations and held some data hostage did not exploit software vulnerabilities that were the subjects of warnings in 2007 and 2010 to break into its corporate network. (AP Photo/Molly Riley, File)

MedStar Health Inc. said Wednesday that hackers who seriously disrupted its operations and held some data hostage did not exploit software vulnerabilities that were the subjects of warnings in 2007 and 2010 to break into its corporate network.

The hospital chain released a new statement after The Associated Press reported Tuesday that hackers broke into a corporate computer server exploiting flaws that had persisted for years on the network. The AP's report was attributed to a person familiar with the investigation who was not authorized to discuss the findings publicly. MedStar said the new information came from Symantec Corp., which it hired to investigate.

The vulnerabilities, which were the subject of public warnings in 2007 and 2010, were in a JBoss application server, supported by Red Hat Inc. and other organizations.

MedStar said, "The 2007 and 2010 fixes referenced in the article were not contributing factors in this event."

MedStar assistant vice president Ann Nickels declined to clarify or elaborate. It's unclear whether MedStar was trying to convey that the two vulnerabilities had been already resolved or that hackers had found another method of breaking into the JBoss server.

The MedStar hackers employed virus-like software known as Samas, or "samsam," that scours the Internet searching for accessible JBoss application servers that are vulnerable to those flaws. It's the virtual equivalent of rattling doorknobs in a neighborhood to find unlocked homes. When it finds one, the software breaks in using the old vulnerabilities, then can spread across the company's network by stealing passwords. Along the way, it encrypts scores of digital files and prevents access to them until victims pay the hackers a ransom, usually between $10,000 and $15,000.

If a victim hasn't made safe backups of files, there may be little choice except to pay, although MedStar has said it paid nothing. The hospital chain shut down its systems quickly after discovering the attack, limiting its impact to archives, some imaging and lab files and other duplicate records, according to the person with inside knowledge of the attack.

The FBI, which is investigating, declined to discuss how the hackers broke in. It issued a flash message to companies days after the MedStar hacking, describing the dangers of samsam and asking for help detecting it and improving defenses against it. Days later, the Homeland Security Department issued a separate warning about samsam and another common ransomware strain, Locky, which tricks victims into opening email attachments to infect computers.
