FMCSA’s examiner registry outage caused by attempted malware plant

e-log-shift-hacking-lead-featured-2017-09-06-14-47-2018-05-07-15-59

An attempt by an unknown source to plant malicious software (aka malware) on the Federal Motor Carrier Safety Administration’s database of agency-approved medical examiners is the root cause of the lingering outage of FMCSA’s National Registry of Certified Medical Examiners (NRCME), the agency has told CCJ.

“Malware was introduced to the server but was not activated,” FMCSA says. “It does not appear that an intentional attempt was made to access or compromise data.”

The attempted malware attack itself is not to blame for the site’s outage. Rather, the agency says it took the system offline to do a risk assessment and to redeploy a new, more secure system.

The agency said it is “working diligently to deploy a functional and secure solution as quickly as possible.” The ongoing technical issues prompted FMCSA last week to delay the enactment of a system meant to combine drivers CDLs and medical certificates by three years — to June 2021.

The agency told CCJ in late March that no personal information of drivers, examiners or carriers had been compromised in the attempted malware plant.

The NRCME has been down now for more than 5 months, and the agency says it does not have a date by which the system will come back online. It has operated on limited functionality since March, allowing truckers to find certified medical examiners by zip code. However, medical examiners have been unable to upload the results of drivers’ DOT physicals since the site’s outage began in early December. Examiners interviewed by CCJ in January said a backlog of exam results had already started to mount then, meaning there’s likely a daunting number of backlogged exam results awaiting to be uploaded now.