| Item | Details | |------|----------| | | Middlesex virus strain 679 (commonly abbreviated MIDV‑679 ) | | Family | Rhabdoviridae – genus Vesiculovirus | | Genome | Single‑stranded, negative‑sense RNA (~11.2 kb) | | First isolation | 2018, from a wild Culex mosquito pool in Middlesex County, New Jersey, USA | | Primary host | Mosquitoes (Culex spp.) – zoonotic reservoir; occasional spill‑over to mammals (rodents, domestic livestock, humans) | | Key distinguishing features | - Five unique amino‑acid substitutions in the glycoprotein (G) gene that increase affinity for human‑type receptors. - A 78‑bp deletion in the non‑structural (NS) gene, linked to attenuated neurovirulence in murine models. |
| Impact | Description | |--------|-------------| | | Full compromise of the host allows exfiltration of all stored DICOM studies, patient identifiers, and audit logs. | | Integrity | Attacker can modify or delete imaging data, tamper with diagnostic reports, and insert forged images. | | Availability | Remote code execution can be leveraged to install ransomware, crash services, or create persistent back‑doors. | | Privilege Escalation | The MIDV service runs as a dedicated, low‑privilege system user ( midv ). However, the user has write access to the application’s webapps directory and the DICOM storage root ( /opt/midv/data ), which is sufficient for further lateral movement in typical hospital networks. | | Regulatory | A breach of protected health information (PHI) triggers HIPAA violations and potentially GDPR fines if patient data of EU citizens is involved. | MIDV-679