MedStar says 2007, 2010 software flaws not part of hacking

Staff Writer
Columbus CEO

WASHINGTON (AP) — MedStar Health Inc. says hackers who seriously disrupted its operations did not exploit software vulnerabilities that were the subjects of warnings in 2007 and 2010 to break into its corporate network.

The hospital chain said the information came from Symantec Corp., which it hired to investigate.

It disputed a report Tuesday by The Associated Press that hackers broke into a computer server exploiting flaws that had persisted for years on the network. The AP's reporting was attributed to a person familiar with the investigation. The person wasn't authorized to discuss the findings publicly and spoke on condition of anonymity.

The new statement says the 2007 and 2010 software updates were "not contributing factors."

The AP said the hackers employed virus-like software that searches the Internet for vulnerable JBoss application servers.