According to the AP report, all of that could have been avoided if MedStar had patched a server problem that has been the subject of repeated warnings dating back to 2007.
“This old issue is still somehow spread across Internet-facing servers,” Stefano Di Paola and Giorgio Fedon of Minded Security, an Italian security firm, told AP. The two researchers were responsible for revealing a similar security flaw in 2010 affecting Red Hat, the company behind JBoss.
Red Hat and the U.S. government’s cyber experts issued security warnings regarding Red Hat, including the issue affecting MedStar, in 2007, 2010 and earlier this week. News reports have for years covered past breaches achieved by exploiting JBoss vulnerabilities.
The vulnerability that hackers used to gain access to the hospitals’ networks and install ransomware could have been resolved by deleting two lines of software code, or applying an existing patch, according to AP.