DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Hospital Management Systems Breached, By @OfficialComrade .c0mrade

Posted on June 17, 2012 by Lee J

.c0mrade ( @officialcomrade ) has been very busy the past few weeks. The latest hack is on a hospital management system and .c0mrade has targeted two different hospitals after he was able to login to the system remotely with a very simple username and password. In the release is a few pictures and a message to the creators of this software about the vuls that have been found.   The leak was uploaded to pastebin with the following message in which .c0mrade is attemtping to explain these actions.

Hello, my minions. Let me start off by answering some questions. Q: Why do you do what you do? A: I’m not in it for treason or pedestrianizing millions around the world, I’m solely in it because Computer Security is the most fitful outlet for me. Nowadays, the Hacking community is motile. There’s hundreds of group who are hostile and make freedom-ring by indulging in illegal matters and leaking information on Websites to industrialize themselves within the scene. Q: Lets be clear, are you a White Hat or a Black Hat? A: I’d consider myself a Grey Hat. I use to run around like Rambo with my underwear strapped to my back publicizing private information but that isn’t the case now, it’s a matter of taste, my friends. No matter what we do in this era, the Government will always look at us as some heavily-reigned criminals. I’m one who’s swallowed that and accepted it. Thing is though, our Government is far more monomaniac then us. Think of it like that when you’re in custody, my kids. Let’s go! Amongst those affected include: [+] www.durdans.com [+] www.sunetra.org [+] Security Issue => Hospital Management System [+] Vulnerability => Software Vulnerability. Application setup is dreadful. Systematically, they gather together Hospital records and form it into one, easily accessible but hard to target because what’s in the application itself, only the Administrator can see as nothing is remote and nothing is channeled throughout the stream. [+] Risk Potential => Thousands of inpatients and outpatients affected. Payment and Billing info also at risk. [+] Miscellaneous => I had access to the source code. I had a high-end when it came to exploiting it. I connected to the Software, studied it, and saw that it was making foreign connections outside its jurisdiction. Furthermore, I connected to it remotely using the username, "emp0001", and password, "admin" – w00t! root. I’ve yet to report the matter to those who created the dreadful piece of software. I plan on calling them later this afternoon. Pictures: https://i46.tinypic.com/2qby68x.png https://i46.tinypic.com/2i8vtzr.png [+] Solution => The Data circuit can be defected even if you were to patch the Software Vulnerabilities. I’d recommend dismantling the Sub Connection it reads the data from and perhaps even making some mild changes to the hosting you’ve got. Application reads from Database => Pulls information that’s requested => Attacker now has the ability to do whatever the fuck he wishes. Fix is mildly simple. Thanks!

https://pastebin.com/pG42hmhy

Category: Breach Incidents

Post navigation

← 3 American Government Websites has Been Hacked By Latin Hack Team
U. professor takes on hospital in Utah Medicaid breach →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Ransomware group Gunra claims to have exfiltrated 450 million patient records from American Hospital Dubai.
  • North Shore University Sleep Disorders Center employee charged with secretly recording patients in restrooms
  • When ransomware listings create confusion as to who the victim was
  • Rajkot civic body’s GIS website hit by cyber attack, over 400 GB data feared stolen
  • Taiwan’s BitoPro hit by NT$345 million cryptocurrency hack
  • Texas gastroenterology and surgical practice victim of ransomware attack
  • Romanian Citizen Pleads Guilty to ‘Swatting’ Numerous Members of Congress, Churches, and Former U.S. President
  • North Dakota Enacts Financial Data Security and Data Breach Notification Requirements
  • Pro-Ukraine hacker group Black Owl poses ‘major threat’ to Russia, Kaspersky says
  • Vanta bug exposed customers’ data to other customers

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Florida ban on kids using social media likely unconstitutional, judge rules
  • State Data Minimization Laws Spark Compliance Uncertainty
  • Supreme Court Agrees to Clarify Emergency Situations Where Police Don’t Need Warrant
  • Stewart Baker vs. Orin Kerr on “The Digital Fourth Amendment”
  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.