Last month’s ransomware attack on MedStar Health’s computer systems stemmed from a well-known security vulnerability in an application server, according to an Associated Press article.
The ransomware attack occurred after hackers discovered that MedStar Health uses JBoss, an application server with a recognized design flaw. The hackers used Samas, or “samsam,” a virus-like software, to scan the Internet for vulnerable JBoss servers.
JBoss technology, which is supported by Red Hat Inc., allows IT programmers to develop custom software tools that can be quickly implemented across a company.
Security researchers found that the JBoss application server was “routinely misconfigured to allow unauthorized outside users to gain control,” explained the article.
The US government, Red Hat Inc., and other groups released warnings about the security issue in February 2007 and March 2010. The warnings explicitly stated that the security problem could allow unauthorized users to access confidential information and potentially disrupt business operations.
MedStar Health could have fixed the vulnerability by installing a patch for the system or manually deleting two lines of software code. The healthcare network has not released a statement on why the specific security flaw was not patched.
The healthcare company “maintains constant surveillance of its IT networks in concert with our outside IT partners and cybersecurity experts,” Assistant Vice President at MedStar Health Ann C. Nickles said in a statement to The Associated Press. “We continuously apply patches and other defenses to protect the security and confidentiality of patient and associate information.”
MedStar Health confirmed that almost all of its systems are back online after the March 28 ransomware attack. IT professionals at the healthcare network shut down the EHR and email systems to prevent the malware from spreading.
The hackers were still able to gain access to healthcare data and hold it hostage. They demanded that MedStar Health pay them $19,000 for the release of the information.
MedStar Health confirmed that they did not pay the hackers and there is no evidence that patient healthcare information was misused.
However, the healthcare network was forced to switch to a paper system during the system downtime, and it reduced patient volumes at its 10 hospitals and 250 outpatient centers. The healthcare data security event posed a serious threat to patient safety.
Patient Documents Stolen from NM medical center
The Navajo Area Indian Health Service (IHS) in New Mexico recently reported a possible healthcare data breach after a former employee reportedly stole health information.
Approximately 7,500 individuals were affected by the privacy breach, confirmed IHS.
On October 5, 2015, an individual at a public rental storage facility discovered several cardboard boxes containing health information for an estimated 470 patients. The individual contacted IHS and IHS employees recovered the patient files.
After the security incident, IHS reached out to the authorities to launch an investigation.
HHS investigators found that a former employee had taken patient registration documents and stored them in a storage unit. The former employee did not have the authority to take the documents.
Upon further review, HHS and IHS uncovered additional documents containing healthcare information for nearly 7,000 individuals in the former employee’s possession.
The health information that was potentially disclosed included Social Security numbers, dates of birth, diagnoses, and insurance policy numbers.
There have been no reports of patient information being inappropriately used, stated IHS.
IHS sent all potentially affected individuals a notification letter and offered complimentary identity theft protection services for a year.
According to a KOAT Albuquerque report, IHS has increased employee training in response to the event.