Incident: Critical Data Leak in Hospital Networks Exposing Vulnerabilities to Hacking

Published Date: 2014-06-25

Postmortem Analysis
Timeline
1. The software failure incident mentioned in the article happened around June 2014.
2. The article was published on 2014-06-25.
3. Therefore, the incident occurred in June 2014.

System
1. Server Message Block (SMB) protocol [27620]

Responsible Organization
1. Hospital network administrators who misconfigured the Server Message Block (SMB) service, allowing data to be leaked externally, leading to the vulnerability exploited by hackers [27620].

Impacted Organization
1. Hospitals and health care organizations [27620]

Software Causes
1. Misconfigured internet-connected computers using unpatched versions of Windows XP vulnerable to the Conficker worm exploit [27620]
2. Misconfigured Server Message Block (SMB) protocol allowing data to broadcast externally, exposing sensitive information to hackers [27620]

Non-software Causes
1. Lack of proper configuration and security measures on internet-connected computers within hospital networks, allowing for data leaks and exposure of critical systems to hacking [27620].

Impacts
1. Vulnerable medical devices, such as drug infusion pumps and defibrillators, could be remotely manipulated to change dosages or deliver random shocks to patients, posing serious risks to patient safety [27620].
2. Temperature settings on refrigerators storing blood and drugs could be reset, potentially causing spoilage of critical medical supplies [27620].
3. The leak of information on hospital networks exposed sensitive data about medical devices, including pacemakers, anesthesiology systems, cardiology systems, radiology systems, telemetry systems, and high-risk systems used for patient monitoring [27620].
4. The vulnerability allowed attackers to easily locate and target specific systems within hospitals, increasing the risk of targeted attacks on critical medical equipment and systems [27620].
5. The incident highlighted the global issue of healthcare organizations being sloppy in configuring their external edge networks, indicating a widespread security concern in the healthcare industry [27620].

Preventions
1. Properly configuring internet-connected computers to ensure they are secure and not leaking valuable information to the internet could have prevented the software failure incident [27620].
2. Keeping software systems up to date with the latest patches and security updates, especially in this case where unpatched versions of Windows XP were still in use, could have prevented vulnerabilities exploited by attackers [27620].
3. Disabling the Server Message Block (SMB) service on external-facing systems or reconfiguring it to only broadcast data internally on the hospital's local network instead of broadcasting it out to the internet could have prevented hackers from easily locating vulnerable systems [27620].

Fixes
1. Disabling the SMB service on external-facing systems or reconfiguring it to only broadcast data internally on the hospital's local network instead of broadcasting it out to the internet for hackers to see [27620].

References
1. Scott Erven, one of the researchers [27620]
2. Shawn Merdinger, an independent health care security researcher and consultant [27620]

Software Taxonomy of Faults

Category Option Rationale
Recurring one_organization, multiple_organization (a) The software failure incident related to leaking valuable information to the internet and leaving critical systems vulnerable to hacking has happened again within the same organization. The incident was discovered by researchers examining the security of hospital networks, and they found that a large health care organization was spilling information about 68,000 systems connected to its network [27620]. (b) The software failure incident has also happened at multiple organizations globally. The vulnerability uncovered by the researchers was not limited to just one organization but was identified as a global healthcare organization issue, affecting thousands of organizations across the world [27620].
Phase (Design/Operation) design, operation (a) The software failure incident related to the design phase can be seen in the article where researchers found that many hospital networks were leaking valuable information to the internet due to misconfigurations in the system design. Specifically, the problem was identified as internet-connected computers not being configured securely, using unpatched versions of Windows XP vulnerable to exploits, and misconfigurations in the Server Message Block (SMB) protocol that allowed data to broadcast externally [27620]. (b) The software failure incident related to the operation phase is evident in the same article where it was highlighted that the vulnerability in hospital networks was due to the operation of these systems. The misconfigurations in the SMB service, which allowed outsiders to see sensitive information, were a result of the operation and maintenance practices within the healthcare organizations. The failure to properly configure external edge networks and not taking security seriously in the operation of these systems contributed to the exposure of critical information to potential hackers [27620].
Boundary (Internal/External) within_system, outside_system (a) within_system: The software failure incident in the articles is primarily within the system. The vulnerability that allowed hackers to locate vulnerable systems and potentially hack into medical devices was due to misconfigurations within the hospital networks. Specifically, the issue stemmed from network administrators enabling Server Message Block (SMB) on computers facing the internet and misconfiguring it, allowing data to broadcast externally [27620]. (b) outside_system: The software failure incident also involves factors originating from outside the system. Hackers were able to exploit the vulnerability in the hospital networks to locate and potentially hack into medical devices. This external threat posed by hackers targeting the exposed systems from the internet contributed to the software failure incident [27620].
Nature (Human/Non-human) non-human_actions, human_actions (a) The software failure incident occurring due to non-human actions: - The vulnerability in hospital networks that leaked valuable information to the internet, making critical systems and equipment vulnerable to hacking, was primarily due to misconfigured internet-connected computers that were not securely configured, as well as the misconfiguration of the Server Message Block (SMB) protocol on external-facing systems [27620]. (b) The software failure incident occurring due to human actions: - The article highlights that the vulnerability in hospital networks was a result of health care organizations being sloppy in configuring their external edge networks and not taking security seriously. It mentions that security teams at these organizations often focus solely on HIPAA compliance rather than conducting penetration testing and vulnerability maintenance to secure their systems effectively [27620].
Dimension (Hardware/Software) hardware, software (a) The software failure incident occurring due to hardware: - The vulnerability in hospital networks that leaked valuable information to the internet was due to an internet-connected computer that was not configured securely, allowing data to broadcast externally [27620]. - The vulnerability was related to the misconfiguration of the Server Message Block (SMB) service on computers facing the internet, enabling outsiders to see sensitive information that should only be available to network staff [27620]. (b) The software failure incident occurring due to software: - The vulnerability in hospital networks was exacerbated by systems using unpatched versions of Windows XP, making them vulnerable to an exploit used by the Conficker worm [27620]. - The failure to properly configure the SMB service on external-facing systems or reconfigure it to only broadcast data internally contributed to the software failure incident [27620].
Objective (Malicious/Non-malicious) malicious (a) The software failure incident described in the articles is malicious in nature. The incident involves vulnerabilities in hospital networks that leak valuable information to the internet, leaving critical systems and equipment vulnerable to hacking. The data leak allows hackers to easily locate and map systems to conduct targeted attacks, potentially compromising medical devices like pacemakers and defibrillators. The vulnerability was uncovered by researchers who found that health care organizations were sloppy in configuring their external edge networks, making them susceptible to exploitation by attackers. The incident highlights the serious security risks posed by misconfigured systems and unpatched software, which could be exploited by malicious actors to harm patients and disrupt medical operations [27620]. (b) The software failure incident is non-malicious in the sense that the vulnerabilities and misconfigurations in hospital networks were not intentionally introduced to harm the system. Rather, they were a result of negligence and lack of proper security measures in configuring external-facing systems. The incident underscores the importance of proper cybersecurity practices and the need for health care organizations to prioritize security beyond just regulatory compliance. The vulnerability could have been easily fixed by disabling the SMB service on external-facing systems or reconfiguring it to only broadcast data internally, thus preventing the leakage of sensitive information to the internet [27620].
Intent (Poor/Accidental Decisions) poor_decisions, accidental_decisions (a) The software failure incident described in the article is primarily due to poor decisions made by network administrators in configuring the hospital networks. The vulnerability that allowed hackers to locate and exploit vulnerable systems was a result of misconfiguring the Server Message Block (SMB) service on computers facing the internet, enabling data to be broadcast externally [27620]. Additionally, the article highlights that health care organizations were sloppy in configuring their external edge networks and not taking security seriously, leading to the exposure of critical systems and equipment to potential hacking attacks [27620]. (b) The software failure incident can also be attributed to accidental decisions or unintended mistakes made by network administrators. For example, the use of unpatched versions of Windows XP on systems connected to the internet made them vulnerable to exploits like the Conficker worm, indicating a lack of proper maintenance and updates [27620]. Furthermore, the exposure of sensitive information about hospital networks and devices to the internet was likely unintentional, resulting from misconfigurations rather than deliberate actions [27620].
Capability (Incompetence/Accidental) development_incompetence, accidental (a) The software failure incident in the articles can be attributed to development incompetence. The incident involved a vulnerability in hospital networks where valuable information was leaked to the internet, leaving critical systems and equipment vulnerable to hacking. This vulnerability was due to misconfigurations in the Server Message Block (SMB) service on internet-connected computers, which allowed data to be broadcast externally, making it possible for hackers to locate and target vulnerable systems [27620]. The lack of proper configuration and security measures on these systems, including the use of unpatched versions of Windows XP, demonstrated a lack of professional competence in securing the hospital networks. (b) Additionally, the incident can also be considered accidental as the exposure of sensitive information and vulnerabilities in the hospital networks was not intentional but rather a result of misconfigurations and oversight by network administrators. The leak of data that enabled hackers to locate vulnerable systems was not a deliberate act but a consequence of the misconfigured SMB service on external-facing systems, which inadvertently broadcasted data externally, exposing critical systems to potential attacks [27620].
Duration permanent (a) The software failure incident described in the articles seems to be more of a permanent failure. The vulnerability in the hospital networks that leaked valuable information to the internet, allowing hackers to easily locate and map systems for targeted attacks, was a result of misconfigurations and lack of proper security measures in the systems [27620]. This type of failure, caused by systemic issues and poor practices, can be considered permanent until the underlying vulnerabilities are addressed and fixed.
Behaviour omission, other
(a) crash: The software failure incident described in the articles does not specifically mention a crash where the system loses state and stops performing its intended functions.
(b) omission: The incident involves a failure related to omission, where the system omits to perform its intended functions at an instance(s). The vulnerability discovered by the researchers allowed for the leakage of valuable information to the internet, leaving critical systems and equipment vulnerable to hacking. This omission of proper security configurations led to the exposure of sensitive data [27620].
(c) timing: The incident does not involve a failure related to timing, where the system performs its intended functions but at the wrong time.
(d) value: The software failure incident does not involve a failure related to value, where the system performs its intended functions incorrectly.
(e) byzantine: The incident does not involve a failure related to byzantine behavior, where the system behaves erroneously with inconsistent responses and interactions.
(f) other: The behavior of the software failure incident can be categorized as a failure due to a security vulnerability that allowed for the leakage of sensitive information, making critical systems and equipment vulnerable to hacking. This behavior falls under the category of a security flaw that exposes the system to potential attacks and unauthorized access [27620].

IoT System Layer

Layer Option Rationale
Perception network_communication The software failure incident described in the article is related to the network communication layer of the cyber-physical system that failed. The failure was due to contributing factors introduced by network communication errors. The incident involved the leaking of valuable information from hospital networks to the internet, leaving critical systems and equipment vulnerable to hacking [27620]. The vulnerability was specifically related to the misconfiguration of the Server Message Block (SMB) protocol on computers facing the internet, allowing data to broadcast externally and be accessed by unauthorized parties. This misconfiguration of network communication protocols exposed sensitive information and made the systems susceptible to targeted attacks by hackers.
Communication connectivity_level The software failure incident described in the articles is related to the connectivity level of the cyber-physical system that failed. The failure was due to contributing factors introduced by the network layer, specifically the misconfiguration of the Server Message Block (SMB) protocol on external-facing systems, which allowed data to be broadcast externally on the internet, making critical systems vulnerable to hacking [27620].
Application FALSE The software failure incident described in the articles is not related to the application layer of the cyber physical system. The incident primarily involves vulnerabilities in network configurations, specifically related to the Server Message Block (SMB) protocol, which allowed sensitive information to leak and exposed critical systems to potential hacking attacks. Therefore, the failure is not directly attributed to bugs, operating system errors, unhandled exceptions, or incorrect usage at the application layer [27620].

Other Details

Category Option Rationale
Consequence harm, property, non-human, theoretical_consequence, other
(a) death: The software failure incident described in the articles did not directly result in any reported deaths.
(b) harm: The software failure incident had the potential to cause physical harm to individuals. For example, attackers could manipulate medical devices like drug infusion pumps, defibrillators, and temperature settings on refrigerators storing blood and drugs, which could lead to patients receiving incorrect dosages, random shocks to the heart, or spoilage of medical supplies [27620].
(c) basic: The software failure incident did not directly impact people's access to food or shelter.
(d) property: The software failure incident had the potential to impact people's material goods, money, or data. For instance, the vulnerability exposed by the incident could allow attackers to access and manipulate critical medical equipment, potentially leading to financial losses or data breaches [27620].
(e) delay: The software failure incident did not result in any reported delays in activities.
(f) non-human: Non-human entities, such as medical devices and hospital equipment, were directly impacted by the software failure incident. Vulnerabilities in these systems could be exploited by attackers to manipulate their functions [27620].
(g) no_consequence: The software failure incident had real observed consequences, particularly in terms of exposing vulnerabilities in hospital networks and medical devices.
(h) theoretical_consequence: The articles discussed potential consequences of the software failure incident that did not occur, such as attackers being able to exploit the vulnerabilities to cause harm to patients by administering incorrect shocks or preventing life-saving interventions [27620].
(i) other: The software failure incident also highlighted the lack of proper security measures in health care organizations, indicating a broader consequence of potential security breaches and data leaks in the healthcare industry [27620].
Domain health (a) The software failure incident discussed in the articles is related to the healthcare industry [27620]. The incident involved vulnerabilities in hospital networks that leaked valuable information to the internet, making critical systems and equipment vulnerable to hacking. The data leak exposed information about medical devices, such as drug infusion pumps, defibrillators, and refrigerators storing blood and drugs, which could be remotely manipulated to cause harm to patients or spoilage of medical supplies. (j) The failed system was intended to support the health industry, specifically healthcare organizations and medical facilities [27620]. The vulnerabilities in the hospital networks and medical devices highlighted in the incident pose significant risks to patient safety and the integrity of healthcare services. The incident underscores the importance of cybersecurity in the healthcare sector to protect sensitive patient data and ensure the proper functioning of medical equipment.

Sources
