Update: MedStar subsequently denied this report. See Ars Technica’s coverage of their response.
Tami Abdollah reports:
The hackers who seriously disrupted operations at a large hospital chain recently and held some data hostage broke into a computer server left vulnerable despite urgent public warnings since at least 2007 that it needed to be fixed with a simple update, The Associated Press has learned.
The hackers exploited design flaws that had persisted on the MedStar Health Inc. network, according to a person familiar with the investigation who spoke on condition of anonymity because this person was not authorized to discuss the findings publicly. The flaws were in a JBoss application server supported by Red Hat Inc. and other organizations, the person said.
Read more on Yahoo!