US-CERT warns MEDHOST medical app contains hard-coded credentials

The US Computer Emergency Response Team has issued a warning after the discovery a security issue the popular medical application MEDHOST PIMS (PIMS).

Many security experts believe that medical industry lack of a proper security posture, despite it is a high-tech sector the vast majority of medical equipment was not designed with a security by design approach. Another element to consider is that the healthcare industry is becoming a privileged target for cyber criminals, we are assisting to an escalation of the incidents that are involving medical infrastructure.

Now the US Computer Emergency Response Team (US-CERT) has issued a warning after the discovery of a major issue (CVE-2016-4328) in one of the most popular medical application, the MEDHOST.

The medical application is used for acquiring patient data and experts discovered hardcoded admin credential in its code.

“MEDHOST PIMS, previously branded as VPIMS, contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with the application database server may be able to obtain or modify sensitive patient information.” reads the alert issued by the US-CERT.

MEDHOST PIMS flaw

The MEDHOST application is a widely adopted application used in the health care industry to manage patient data in the perioperative three stages of surgery.

It allows tracking patients and related conditions in the surgical process that allows remote management, it has been estimated that more than 1,000 health care facilities use several solutions designed by the same vendor.

Once the attacker gets the hardcoded admin credential, he could access any data present in the MEDHOST application, and he could do it if the remote login is not properly monitored.

In order to mitigate the security problem, the US-CERT suggests to apply the upgrade issued by the vendor and in any case restrict network access.

“As a general good security practice, only allow connections from trusted hosts and networks. Restricting access would prevent an attacker from using the hard-coded credentials from a blocked network location.” continues the US-CERT

In the specific case the patch management process worked very efficiently, the vendor issued the patch for the MEDHOST PIMS just a month after the disclosure of the vulnerability that occurred in March.

If you appreciate my effort in spreading cyber security awareness, please vote for Security Affairs as best European Security Blog. Vote SecurityAffairs in every section it is reported. I’m one of the finalists and I want to demonstrate that the Security Affairs community a great reality.

https://www.surveymonkey.com/r/secbloggerwards2016

Thank you

Pierluigi

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – MEDHOST, hacking)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.