Computerworld - A Fort Wayne, Ind.-based orthopedics clinic with more than a dozen facilities in the state has called in the FBI to investigate a hacking incident that highlights the dangers companies can face from the placement of hidden back doors in their software.
The case involves Orthopaedics Northeast, which last month suddenly began experiencing serious performance slowdowns with Webchart, a clinical document management system supplied to the clinic by Medical Informatics Engineering Inc., a health care software developer that's also based in Fort Wayne.
MIE, which no longer supports the clinic's Webchart installation, last week confirmed that it is part of the FBI's investigation. But it denied that it was involved in the hacking activities at the clinic, which is known informally as ONE.
The performance problems, which on one occasion caused the Webchart software to become totally inaccessible for several days, were eventually traced to deliberate changes made in the system's underlying MySQL database, according to Todd Plesko, CEO of triPractix LLC, a medical systems integrator that now manages the clinic's IT services.
The database changes were made by someone who illegally accessed the system nine times over a period of two weeks, initially via a back door using a hard-coded username and password, said Plesko, whose company is based in Fort Wayne as well.
Uncovering the intrusion led to the discovery of "a backdoor realm called MIE Private with a username of MIE that would completely bypass all of Webchart's front-end authentication," he explained.
Plesko said that in one instance, two 1's were appended to the end of a database query to make it crash. In another case, a print-server directory was deleted from the system.
Hospital Hack
The hacker subsequently appears to have used the backdoor access to set up or modify user accounts to also allow conventional access to Webchart, said Benjamin Kessler, a senior network consultant at Midwest Network Services Group LLC, a network infrastructure and security consulting firm in Fort Wayne that helped the clinic investigate the incident.
According to Kessler, an analysis of system and firewall logs showed that the person accessing the Webchart system came in via a proxy server at a local hospital. The systems at ONE were connected to the hospital's network via a virtual private network.
The hospital's logs showed that the proxy server had been accessed from a Windows Server 2003 system at another clinic, Kessler said. That system, in turn, appeared to have been accessed from within MIE's network, he added. Tracing the alleged route taken by the
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
