Wyden Says Microsoft Flaws Led to Hack of US Hospital System (bloomberg.com)
- Reference: 0179141098
- News link: https://news.slashdot.org/story/25/09/10/1951230/wyden-says-microsoft-flaws-led-to-hack-of-us-hospital-system
- Source link: https://www.bloomberg.com/news/newsletters/2025-09-10/wyden-says-microsoft-flaws-led-to-hack-of-us-hospital-system-mfdt6mkb
> In [1]a letter sent Wednesday to FTC Chairman Andrew Ferguson, the Oregon Democrat accused Microsoft of "[2]gross cybersecurity negligence," which he said had resulted in ransomware attacks against US critical infrastructure.
>
> The senator cited the case of [3]the 2024 breach at Ascension, one of the nation's largest nonprofit health systems. The intrusion shut down computers at many of Ascension's hospitals, leading to suspended surgeries and the theft of sensitive data on more than 5 million patients. Wyden said an investigation by his office found that the Ascension hack began after a contractor carried out a search using Microsoft's Bing search engine and was served a malicious link, which led to the contractor inadvertently downloading malware. That allowed hackers access to Ascension's computer networks.
>
> According to Wyden, the attackers then gained access to privileged accounts by exploiting an insecure encryption technology called RC4, which is supported by default on Windows computers. The hacking method is called Kerberoasting, which the company described as a type of cyberattack in which intruders aim to gather passwords by targeting an authentication protocol called Kerberos.
[1] https://www.wyden.senate.gov/news/press-releases/wyden-calls-for-ftc-investigation-of-microsoft-for-enabling-ascension-hospital-ransomware-hack-with-insecure-software
[2] https://www.bloomberg.com/news/newsletters/2025-09-10/wyden-says-microsoft-flaws-led-to-hack-of-us-hospital-system-mfdt6mkb
[3] https://yro.slashdot.org/story/24/12/23/2132232/health-care-giant-ascension-says-56-million-patients-affected-in-cyberattack
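The summary above names Kerberoasting against RC4-encrypted service tickets. As an added example (not from the article, the letter or Microsoft), this Python sketch shows the defender-side check over Kerberos service ticket events (Windows Event ID 4769): which service accounts still receive RC4 tickets, and which source requests many of them in a short time. The account names, addresses, sample events and the thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

RC4_ETYPES = {0x17, 0x18}  # RC4-HMAC, RC4-HMAC-EXP

def _ev(ts, user, svc, etype, ip):  # constructed record, Event ID 4769 field names
    return {"EventID": 4769, "Status": "0x0", "TimeCreated": "2025-01-01T" + ts,
            "TargetUserName": user, "ServiceName": svc, "TicketEncryptionType": etype, "IpAddress": ip}

SAMPLE_EVENTS = [  # constructed sample data, not real logs
    _ev("10:00:00", "alice", "FILE01$", "0x12", "10.0.0.5"),
    _ev("10:01:00", "alice", "svc_sql", "0x12", "10.0.0.5"),
    _ev("10:02:00", "contractor1", "svc_sql", "0x17", "10.0.0.77"),
    _ev("10:02:05", "contractor1", "svc_backup", "0x17", "10.0.0.77"),
    _ev("10:02:09", "contractor1", "svc_web", "0x17", "10.0.0.77"),
    _ev("11:30:00", "bob", "svc_legacy", "0x17", "10.0.0.9"),
]

def rc4_service_tickets(events):
    """Yield successful service-ticket requests that were issued with RC4."""
    for e in events:
        if e["EventID"] != 4769 or e["Status"] != "0x0":
            continue
        svc = e["ServiceName"]
        if svc.endswith("$") or svc.lower() == "krbtgt":
            continue  # machine accounts and krbtgt have long random keys
        if int(e["TicketEncryptionType"], 16) in RC4_ETYPES:
            yield e

def rc4_exposed_services(events):
    """Service accounts still receiving RC4 tickets: candidates for AES-only."""
    return sorted({e["ServiceName"] for e in rc4_service_tickets(events)})

def find_bursts(events, window=timedelta(minutes=5), min_services=3):
    """Map (requester, ip) to services when one source asks for many RC4 tickets."""
    by_src = defaultdict(list)
    for e in rc4_service_tickets(events):
        when = datetime.fromisoformat(e["TimeCreated"])
        by_src[(e["TargetUserName"], e["IpAddress"])].append((when, e["ServiceName"]))
    alerts = {}
    for src, hits in by_src.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1
            seen = {svc for _, svc in hits[start:end + 1]}
            if len(seen) >= min_services:
                alerts[src] = sorted(seen | set(alerts.get(src, [])))
    return alerts
```

On the sample data, `find_bursts(SAMPLE_EVENTS)` flags only `contractor1` from 10.0.0.77, while `rc4_exposed_services(SAMPLE_EVENTS)` also lists `svc_legacy`, the single legacy RC4 request that is not a burst but still marks an account to move to AES.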
Funny! (Score:2)
"encryption technology called RC4"
Don't be silly (Score:1)
This is an infrastructure design and monitoring mistake. It can't be traced to just Microsoft; it is a very simple way to avoid responsibilities.
An institution as important as a hospital must have a partitioned network, with security levels that prevent a mistake in one zone from destroying the work of another one. And the data and related processes must be organized according to their importance and sensitivity.
Also, good and sufficient contingency plans must exist.
Everything else is to play as children with
What's His Angle? (Score:2)
What a clown. He can't be that stupid.
The fine senator should be suing Ascension for not solely using Apple products, like he does.
Microsoft let everyone know about this (Score:2)
[1]https://www.microsoft.com/en-u... [microsoft.com]
Wyden is just another old man who should be shoved out the Capitol exit and into a wood chipper so that younger people whose brains are not yet failing can take on the job of leadership. The spray of his corpse can be used to feed failing grass in DC, shoveled and spread by National Guardsman ashamed of what their government has made them do.
[1] https://www.microsoft.com/en-us/security/blog/2024/10/11/microsofts-guidance-to-help-mitigate-kerberoasting/
Is it really Microsoft's fault? (Score:2)
I like to Microsoft bash as much as the next Unix / Linux loving nerd, but, is this really their fault? It's possible to deploy containerization security standards on Windows, to make it high security, so, is the real issue the contractor didn't follow smart isolation? There is a real issue with data storage and data handling, but again, is that Microsoft's fault? The data should have been encrypted with something like AES-256-GCM, and every node in the network should have been closed tighter than a nuns
Re: (Score:2)
> why was he even running Windows?
This is the "Fox News defense".
"It's not our fault because if someone's stupid enough to trust us, they deserve what they get."
Re: (Score:2)
>> why was he even running Windows?
> This is the "Fox News defense".
> "It's not our fault because if someone's stupid enough to trust us, they deserve what they get."
Well to be fair, he is a "Murdoch"