Source URL: https://news.slashdot.org/story/25/09/10/1951230/wyden-says-microsoft-flaws-led-to-hack-of-us-hospital-system?utm_source=rss1.0mainlinkanon&utm_medium=feed
Source: Slashdot
Title: Wyden Says Microsoft Flaws Led to Hack of US Hospital System
Summary: The text outlines a significant cybersecurity incident involving Microsoft that led to a ransomware attack on Ascension, a major US hospital system. Senator Ron Wyden has called for an FTC investigation, highlighting negligence that resulted in the compromise of critical infrastructure and the exposure of patient data. The incident underscores vulnerabilities within popular encryption technologies and the impacts of cyberattacks on healthcare.
Detailed Description:
The text discusses a letter from US Senator Ron Wyden to the Federal Trade Commission (FTC), urging an investigation into Microsoft for its alleged cybersecurity negligence, which contributed to a ransomware attack affecting Ascension, one of the largest nonprofit healthcare systems in the United States. The breach compromised the operations of multiple hospitals and led to the exposure of sensitive information for over 5 million patients. Here are the major points from the incident:
- **Cybersecurity Flaw**: The senator accuses Microsoft of gross negligence in its cybersecurity practices, which allowed the ransomware attack to take place.
- **Attack Details**:
  - The breach reportedly started when a contractor conducted a search using Microsoft’s Bing.
  - The contractor inadvertently downloaded malware after clicking on a malicious link, which granted access to the hospital’s computer networks.
- **Impact on Operations**: The intrusion forced hospitals to shut down operations, including the suspension of surgeries, showing the critical nature of cybersecurity in the healthcare sector.
- **Data Exposure**: Sensitive data of over 5 million patients was compromised during this incident.
- **Exploitation of Encryption Technology**: The attackers exploited an insecure encryption method known as RC4, which is still supported by default on Windows systems, highlighting concerns over legacy technologies in modern security frameworks.
- **Attack Methodology**: The breach employed a technique called Kerberoasting, in which the attackers targeted Kerberos, a widely used authentication protocol, to gather passwords and gain unauthorized access to privileged accounts.
This incident is a reminder to security professionals of the importance of maintaining robust cybersecurity measures in critical infrastructure sectors, especially in healthcare, where the stakes for patient safety and data integrity are extremely high. It emphasizes the need for stronger encryption practices and for investigating third-party vulnerabilities to prevent such attacks.
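One way a defender can hunt for the RC4 and Kerberoasting pattern described in the list above, added here as an example and not taken from the senator's letter or the Slashdot story: it scans Windows Security event 4769 (Kerberos service ticket requested) records for tickets issued with an RC4 encryption type and flags any account that collects them for several distinct services in a short span. The CSV layout, account names, threshold and time window are assumptions, and the sample events are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

RC4_ETYPES = {0x17, 0x18}  # RC4-HMAC and RC4-HMAC-EXP ticket encryption types

# Constructed sample: selected EventData fields from Security event 4769,
# exported as CSV (the export layout is an assumption of this example).
SAMPLE = """\
TimeCreated,TargetUserName,ServiceName,TicketEncryptionType,Status
2025-01-01T09:00:01,alice@CORP.EXAMPLE,svc-sql,0x12,0x0
2025-01-01T09:02:10,bob@CORP.EXAMPLE,svc-sql,0x17,0x0
2025-01-01T09:02:25,bob@CORP.EXAMPLE,svc-backup,0x17,0x0
2025-01-01T09:02:31,bob@CORP.EXAMPLE,FILESRV01$,0x17,0x0
2025-01-01T09:02:50,bob@CORP.EXAMPLE,svc-web,0x17,0x0
2025-01-01T11:15:00,carol@CORP.EXAMPLE,svc-legacy,0x17,0x0
"""

def rc4_service_tickets(text):
    """Yield successful 4769 rows where a user-account service got an RC4 ticket."""
    for row in csv.DictReader(io.StringIO(text)):
        svc = row["ServiceName"]
        # Machine accounts and krbtgt use long random keys, not human-chosen
        # passwords, so they are not useful Kerberoasting targets.
        if svc.endswith("$") or svc.lower() == "krbtgt":
            continue
        if int(row["Status"], 16) != 0:
            continue  # request failed, no ticket issued
        if int(row["TicketEncryptionType"], 16) in RC4_ETYPES:
            row["TimeCreated"] = datetime.fromisoformat(row["TimeCreated"])
            yield row

def kerberoast_suspects(text, min_services=3, window=timedelta(minutes=5)):
    """Map requester -> services when one account obtained RC4 tickets for at
    least min_services distinct services within the window."""
    by_user = defaultdict(list)
    for r in rc4_service_tickets(text):
        by_user[r["TargetUserName"]].append((r["TimeCreated"], r["ServiceName"]))
    suspects = {}
    for user, hits in by_user.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            svcs = {s for t, s in hits[i:] if t - start <= window}
            if len(svcs) >= min_services:
                suspects[user] = sorted(svcs)
                break
    return suspects

if __name__ == "__main__":
    for user, services in kerberoast_suspects(SAMPLE).items():
        print(f"possible Kerberoasting by {user}: RC4 tickets for {services}")
```

A single RC4 ticket such as the `svc-legacy` one in the sample does not trip the threshold, but it still identifies a service account that accepts RC4 and belongs on the list for AES-only configuration.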