US-CERT warns MEDHOST medical app contains hard-coded credentials

Pierluigi Paganini May 30, 2016

The US Computer Emergency Response Team has issued a warning after the discovery a security issue the popular medical application MEDHOST PIMS (PIMS).

Many security experts believe that medical industry lack of a proper security posture, despite it is a high-tech sector the vast majority of medical equipment was not designed with a security by design approach. Another element to consider is that the healthcare industry is becoming a privileged target for cyber criminals, we are assisting to an escalation of the incidents that are involving medical infrastructure.

Now the US Computer Emergency Response Team (US-CERT) has issued a warning after the discovery of a major issue (CVE-2016-4328) in one of the most popular medical application, the MEDHOST.

The medical application is used for acquiring patient data and experts discovered hardcoded admin credential in its code.

MEDHOST PIMS, previously branded as VPIMS, contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with the application database server may be able to obtain or modify sensitive patient information.” reads the alert issued by the US-CERT.


The MEDHOST application is a widely adopted application used in the health care industry to manage patient data in the perioperative three stages of surgery.

It allows tracking patients and related conditions in the surgical process that allows remote management, it has been estimated that more than 1,000 health care facilities use several solutions designed by the same vendor.

Once the attacker gets the hardcoded admin credential, he could access any data present in the MEDHOST application, and he could do it if the remote login is not properly monitored.

In order to mitigate the security problem, the US-CERT suggests to apply the upgrade issued by the vendor and in any case restrict network access.

“As a general good security practice, only allow connections from trusted hosts and networks. Restricting access would prevent an attacker from using the hard-coded credentials from a blocked network location.” continues the US-CERT

In the specific case the patch management process worked very efficiently, the vendor issued the patch for the MEDHOST PIMS just a month after the disclosure of the vulnerability that occurred in March.

If you appreciate my effort in spreading cyber security awareness, please vote for Security Affairs as best European Security Blog. Vote SecurityAffairs in every section it is reported. I’m one of the finalists and I want to demonstrate that the Security Affairs community a great reality.

Thank you


[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – MEDHOST, hacking)

you might also like

leave a comment