An AP report that hackers placed ransomware on MedStar Health's corporate network by exploiting a known server flaw are incorrect, according to a statement from MedStar's Vice President of Public Relations, Ann C. Nickels.
Last night, the Associated Press reported that an anonymous source "familiar with the investigation" said hackers accessed the network through a vulnerability in an application called JBoss. Government and security experts red flagged the vulnerability as early as 2007, according to the report.
Security firm Symantec has been conducting forensic analysis on the MedStar incident, according to the statement, and found that "the 2007 and 2010 fixes referenced in the [AP] article were not contributing factors in this event." MedStar has also been working with the FBI on the case.
Based on the advice of IT, cybersecurity and law enforcement experts, "MedStar will not be elaborating further on additional aspects of this malware event," Nickels said in the statement. "This is not only for the protection and security of MedStar Health, its patients and associates, but is also for the benefit of other healthcare organizations and companies."
To learn more:
- read the MedStar statement
Hospital hackers exploiting a flaw experts warned about in 2007