How Johnson Health Center Survived COVID-19

COVID-19

"COVID-19" is a code in the Johnson Health Center's (JHC) system that informed them that they had an "astrovirus". What would happen next depended on how health center staff and doctors responded to the warning. After careful review, JHC's systems engineers discovered that there was no virus and the COVID-19 message was merely a falsification of a test result for bug detection software running on the Centers for Disease Control and Prevention (CDC). The false alert went out live to other organizations that then issued their false alerts, creating worldwide panic.


The COVID-19 alert was the result of a hacker exploiting the Office of the Secretary of Defense's (OSD) Health Affairs' Systems Interface for Management, Command, and Control (SIMC2). JHC had been using SIMC2 for about four months without any major problems. Following this incident, JHC and HHS/CDC agreed to remove SIMC2 from use and replace it with a more secure system immediately. JHC conducted an investigation to verify that there was no virus. They also examined their systems to ensure that they complied with mandatory security standards and performed a root cause analysis of this event.


Why was the False Alarm Caused by the SIMC2 System?


SIMC2 was used to facilitate real-time communication between JHC and HHS/CDC. Unfortunately, someone exploited a weakness in this system. A hacker gained access to the system, which allowed them to manipulate information and distribute it as they saw fit. SIMC2 was used by several federal agencies and services, including the Chemical Monitoring System (CMS) and the Air Force's Redstone missile system, so it was not unusual for this malicious hacker to gain access.

What Was the First Notification That the Centers for Disease Control and Prevention Received from JHC?


The first notification was a system error message, which stated that the COVID-19 warning had appeared on both sites. It also stated that there was no way to know where or when the information was inserted. The error message prompted an immediate investigation of this incident. This investigation led to the discovery of several false test results, which indicated that there were problems with JHC's network monitoring systems. We then communicated these issues back to JHC and began working together to resolve these issues as quickly as possible.

How Did Johnson Health Center Handle the SIMC2 Incident?


Johnson Health Center's technical staff checked their virus monitoring systems and found no evidence of a virus. In addition, they performed a thorough systems check and found no irregularities in their network. The investigation also revealed that there was no malicious code at all on any of the servers JHC had used to interface with SIMC2. As for personnel behavior, it appeared that only one user had accessed SIMC2 during the period involved in this incident.

It is reported that Johnson Health Center only discovered this vulnerability because they had recently implemented a new security system. How did that help?


Johnson Health Center had implemented a system to monitor network activity, but this was the first time JHC had decided to monitor the SIMC2 interface as well. JHC discovered the anomaly in their systems monitoring logs and investigated further, which led them to discover that a hacker had compromised their interface with SIMC2. The new security system gave JHC the opportunity to catch this intrusion when it occurred. This resulted in speedy communication of the compromise and resolution of problems after an investigation.

Conclusion


Because of the incident, JHC is now aware of vulnerabilities within their networks. This incident has also pushed them to improve their security systems to prevent future attacks and better protect patient privacy. In addition, they have already pushed SIMC2 out of their system and will be replacing it with a more secure system soon.


We would like to thank Johnson Health Center for sharing this information with others and for taking the time to conduct a thorough investigation. By sharing this valuable information about this potential threat, we hope that other organizations can become aware of potential problems in their own systems as well. This case is just one example from several thousands that have been handled by the U.
