MedStar: Ransomware success wasn’t IT department’s fault
Sean Gallagher reports that MedStar is firmly denying others’ reporting about their recent ransomware attack:
Tami Abdollah of the Associated Press reported Tuesday that an anonymous source “familiar with the investigation” of the cyberattack claimed that the flaws that allowed attackers to compromise a JBoss Web application server and attack the network with Samsam crypto-ransomware had been highlighted in security warnings from JBoss maintainer Red Hat, the US government and others in February 2007, March 2010, and again this month.
MedStar denies that the earlier warnings—including one issued as a security advisory by Red Hat in April 2010—had anything to do with the attack, according to the findings of a response team from Symantec. “News reports circulating about the malware attack on MedStar Health’s IT system are incorrect,” a MedStar spokesperson said in a statement.
Read more on Ars Technica.