Ransomware for District Health Board
# | Post |
---|---|
1 | Do computer installations not back up their data every day? We used to take our backups to the bank every day in case our building burned down. trade4us2 - 2021-05-26 03:04:00 |
2 | They say they have backups but that's only part of the issue. I think the attack locked their computers. And they have thousands of them. It's a huge issue to fix. Edited by nice_lady at 6:45 am, Wed 26 May nice_lady - 2021-05-26 06:45:00 |
3 | A common trend is to use virtual servers, and make backups by taking snapshot images of the entire virtual space - the operating system, application and data. Malicious software can lie dormant for weeks, and make copies on other connected servers, workstations and embedded controllers like MRI machines. So all of your backups going back for some time could be riddled with it - and that's a good word, it's a riddle to figure out which of your servers, workstations, embedded controllers and backups are safe to use. There's a suggestion that this DHB has been in turmoil for years, cast your mind back to the Canadian CEO Nigel Murray. gyrogearloose - 2021-05-26 07:20:00 |
4 | Couldn’t read the articles but this is concerning. Also: lakeview3 - 2021-05-26 07:36:00 |
5 | Any DHB systems are incredibly complex. It's the nature of this modern world. And unfortunately there are crooks who will take advantage. It's a sad commentary on humans. Massive, chronic, Govt underfunding for decades hasn't helped. Edited by nice_lady at 7:43 am, Wed 26 May nice_lady - 2021-05-26 07:42:00 |
6 | nice_lady wrote: I agree nice lady. What kind of person does this? I so feel sorry for all the patients and staff affected. lakeview3 - 2021-05-26 07:47:00 |
7 | And their systems are probably still running on Windows XP. The local Mitre 10 is still running on a Telnet client. tygertung - 2021-05-26 07:59:00 |
8 | Another common misconception is that Business Continuity is an IT problem - if it breaks, then it's up to IT to fix it. But actually, the business units should be making continuity plans and running tests without relying on IT. Like, how do we plan patient visits if the phone system, planner and email are down and we can't use them to see or update the schedule? How do we roster staff and record their hours? How do we pay our staff and suppliers, and order consumables? gyrogearloose - 2021-05-26 08:01:00 |
9 | nice_lady wrote: I worked for a DHB twice - not that one, but their IT procedures were utterly shocking, all the places I'd worked, the DHB was the worst. lythande1 - 2021-05-26 08:09:00 |
10 | lythande1 wrote:
It effectively locks the systems so as to make them unusable. Backups for EVERYTHING ? Full daily system images - yeah right. Not happening I'd guess. And as stated above the infection trigger(s) are/is quite possibly lodged into the system well before it hits so that re-instating backups might just, potentially at least, reload the problem again.................. nice_lady - 2021-05-26 08:25:00 |
11 | It's a political problem. "Every dollar spent on IT is a dollar not spent on patients". And it's true every year until it isn't. soundsgood - 2021-05-26 15:05:00 |
12 | soundsgood wrote:
yes it's a political problem but it's not dollars spent on IT aren't spent on patients. Simply there's just not enough dollars spent on patients and the health system in general and where it goes is for all sorts of stupid stuff and IT hasn't got much to do with that. nice_lady - 2021-05-26 15:45:00 |
13 | Never understood why government hasn't changed to Linux, it's free and they wouldn't have this problem. sirrab - 2021-05-26 17:24:00 |
14 | sirrab wrote: have a quick google for linux ransomware... king1 - 2021-05-26 17:43:00 |
15 | sirrab wrote:
Yeah. That would apply to EVERY business and Govt world wide. Yet YOU seem to have thought of it and they didn't? Hmmm.... Edited by nice_lady at 5:56 pm, Wed 26 May nice_lady - 2021-05-26 17:54:00 |
16 | lythande1 wrote:
When I started work at a DHB 9 years ago we were using WinDOS with a dot matrix printer, in the hospital pharmacy. fpress - 2021-05-26 23:10:00 |
17 | https://windows-never-released.fandom.com/wiki/WinDOS tygertung - 2021-05-27 08:08:00 |
18 | Firstly they don't use linux because there's few people with skills to set up, maintain, and secure it. Secondly a lot of their medical equipment is designed to talk with windows. bitsnpieces2020 - 2021-05-27 08:34:00 |
19 | Linux is the most used operating system for non desktop use so there are plenty of people with the skills. Pretty much the whole internet runs on Linux. "For public Internet servers, Linux is generally counted as dominant, powering well over twice the number of hosts as Windows Server – which is trailed by many smaller players including traditional mainframe OSes. Since November 2017, the supercomputer field is completely dominated by Linux – with 100% of the TOP500 now running on a Linux distribution. " https://en.wikipedia.org/wiki/Usage_share_of_operating_syste tygertung - 2021-05-27 12:21:00 |
20 | nice_lady wrote: hound31 - 2021-05-27 12:38:00 |
21 | bitsnpieces2020 wrote: F&P ran the factory servers on it. The internet runs on it. I worked for Medtech once, it ran on it too then. However, Linux isn't the point, images and backups are. The DHB persists in refusing to ask for help and admitting they have no idea what they're doing. Edited by lythande1 at 4:36 pm, Thu 27 May lythande1 - 2021-05-27 16:35:00 |
22 | The problem is a lack of expertise in running serious mainframe class data centres with the associated change control and redundancy provisions. ICT is a VERY immature science and most executives don't grasp the risk to business when it is running on such an unstable and undocumented heap of vendor directed crap. These wee incidents keep happening, those of us with experience got so frustrated that we cannot learn from the past and build properly managed systems. Mostly there is a complete disconnect between what the CEO is told or believes and the reality at the sharp end. I have been pulled into too many of these. The incompetency and waste of stakeholder's money is horrific. That the CEO of the DHB could stand up early and say it would be all sorted by next week with no data leaks proves my point. Unfortunately millions of items of health data on NZ citizens is going to leak out, this will be no different to the other ransomware attacks in the past, and will be repeated again. tony9 - 2021-05-27 18:46:00 |
23 | tygertung wrote: bitsnpieces2020 - 2021-05-27 19:16:00 |
24 | gyrogearloose wrote: it didn't break, it was not secured properly. If you employed a security guard, and people came in and stole your shop's stock, it's perfectly normal to blame the security guard for not doing their job. bitsnpieces2020 - 2021-05-27 19:20:00 |
25 | bitsnpieces2020 wrote:
Business Continuity should be in place for all business, at least those where the customer (patient) is affected. There are many reasons as to why an IT system might not be functional but the general presumption/assumption is that any outage would be relatively brief. But as I noted before, it's yet another area where any money spent is money not spent on patients so the politics of dealing with the reality of a limited spend apply again. Similarly, setting up a network with internal firewalls is an extra expense both to implement and to maintain - and any exception could invalidate the whole exercise. Step 1 might be to have stronger controls on the management of attachments in emails. And the staff hours to manage exceptions. soundsgood - 2021-05-27 22:11:00 |
26 | bitsnpieces2020 wrote: if the guard is confronted one on one perhaps, but that analogy doesn't hold if the security guard is confronted by overwhelming odds, say a half dozen thugs - no one in their right mind is going to blame the guard, who is probably lying in a hospital bed ironically... Is it economically feasible to permanently place a larger number of guards onsite to reduce the risk of this occurrence? where does it stop? more thugs, more guards etc etc... Edited by king1 at 11:06 pm, Thu 27 May king1 - 2021-05-27 23:03:00 |
27 | what? there's no personal risk to IT staff doing security. Talk about how to break an analogy. bitsnpieces2020 - 2021-05-27 23:15:00 |
28 | nice_lady wrote: It's not about funding - more about the calibre of the staff building and maintaining these systems. Pay monkey money, get monkey performance. That said, much of the cash gets wasted on other things like $28M for a simple relational database to manage the Covid vaccinations. tegretol - 2021-05-27 23:40:00 |
29 | soundsgood wrote: Step 2 might be to disable all USB ports at BIOS level. tegretol - 2021-05-27 23:42:00 |
30 | But then how will you plug in a keyboard? tygertung - 2021-05-28 08:13:00 |
31 | tegretol wrote:
I doubt that'll help much - the ransomware attacks generally happen from Email attachments being opened. nice_lady - 2021-05-28 08:24:00 |
32 | bitsnpieces2020 wrote: lol - risk to the organisation from bad actors etc The level of risk needs to be assessed and mitigating identified risks/threats comes at a cost - so at some point the risk level is too low to justify the expense of mitigating. It's all rather subjective, at some point it becomes too expensive to mitigate the risks of certain threats. Of course I'm still referring to the original analogy about shops and guards. Edited by king1 at 8:37 am, Fri 28 May king1 - 2021-05-28 08:34:00 |
33 | tygertung wrote: built in bluetooth would be the only option then... king1 - 2021-05-28 08:40:00 |
34 | tegretol wrote: I've never been involved in anything on that scale but we're not talking a simple DB in Access. We want Good & Fast Edited by king1 at 8:47 am, Fri 28 May king1 - 2021-05-28 08:46:00 |
35 | nice_lady wrote: mrfxit - 2021-05-28 08:52:00 |
36 | mrfxit wrote:
A classic local attack is just to leave some USB drives in a car park of the target organisation with interesting files on them. I used this to prove the vulnerability of a couple of sites in NZ a few years ago. Both got infected with a benign virus as a demo. tony9 - 2021-05-28 09:10:00 |
37 | tony9 wrote: Yep, people are the greatest threat to networks... king1 - 2021-05-28 09:19:00 |
38 | I am a little surprised to see so few of us questioning the morals of a hacker who would attack a dhb, or any health based organisation for that matter. Is it because they are so lousy at their work that taking on a bank or an insurance company or a real estate firm is just too hard? Better targets surely, and more likely to pay up... oh_hunnihunni - 2021-05-28 09:31:00 |
39 | it's a given that they have no morals... people's health records are far more personal and private than bank balances so favourable to the hacker... and the banks probably spend far more money on their IT/Security systems because the risks are far greater from their perspective, liability, financial loss etc... king1 - 2021-05-28 09:43:00 |
40 | king1 wrote:
Would bluetooth work before the machine is booted into the OS? It might render the machine unusable if there is an operating system error? Do new machines still have PS2 ports? Could use PS2 keyboard and mouse maybe?! tygertung - 2021-05-28 09:46:00 |
41 | The governance of DHB is in the hands of enthusiast amateurs... any clown can get voted onto the DHB board.. experience at running a big business is not needed, so I think any expertise or even advanced awareness of things IT would be a rarity.. One of the problems associated with using Linux, which is free to obtain, is that if it goes wrong or plays up the "supplier" has no obligation to fix or help to fix.. Business likes to know that by buying "big bit of kit", for say $200,000, that part of this price is to pay for ongoing support and also to retain the supplier's interest in keeping you happy on the off chance you want to buy more stuff in the future !! You would be hard pressed to claim your rights under the CGA for something that was a freebie !! As to why hack a hospital / medical database instead of bank... you can do potentially more damage releasing details of Mr Smith's "nasty rash" in a very personal place than releasing that he has $50,000 in the bank !! onl_148 - 2021-05-28 13:42:00 |
42 | tony9 wrote:
Yes but these ransomware attacks are NOT locally generated. nice_lady - 2021-05-28 13:51:00 |
43 | These ransomware purveyors and other hackers don't give a damn who they attack. They're busy attacking many different organisations across the world. I think it's a 'scattershot' effort - the more they hit the more chance of a payout and as for 'morals' ........doh.......they don't have any otherwise they wouldn't be engaged in criminal activity such as this which can and does affect thousands if not millions of people. nice_lady - 2021-05-28 13:54:00 |
44 | bitsnpieces2020 wrote: I wouldn't like to work for you. A security guard is a deterrent. If I was a security guard employed by you, following the procedures by the book and yet stock was stolen, and you regarded it as "perfectly normal to blame the security guard" - I'd file a personal grievance and lawyer up. I wouldn't tolerate it, and I'd make an example of you and get your name published in the newspaper. gyrogearloose - 2021-05-28 14:20:00 |
45 | gyrogearloose wrote:
yep. No security guard has the right to actually detain any shoplifter and they are certainly not to be blamed for the actions of a thief. nice_lady - 2021-05-28 14:28:00 |
46 | oh_hunnihunni wrote:
They would attack that sort of organisation because they are soft targets, known for sloppy practices, nothing to do with morals. However those same organisations have a moral responsibility to look after patient data as if it were health critical - as it is. Imagine if they changed consultant's instructions to ward specialists, changed dosing pumps etc. etc.. All possible from a network these days. tony9 - 2021-05-28 14:31:00 |
47 | onl_148 wrote:
There is no IT salesman to take the IT manager to lunch each month! Businesses also don't (and usually can't) rely on the CGA. It's not a BGA. soundsgood - 2021-05-28 16:41:00 |
48 | tygertung wrote: www.endpointprotector.com locked to dedicated USB port. Edited by tegretol at 9:22 pm, Fri 28 May tegretol - 2021-05-28 21:21:00 |
49 | king1 wrote:
USB restriction can be in many forms, USB use can be restricted to certain devices only. You can get a code off them and white list them, allowing access to specific USB devices. Use of secure USBs restricted to a certain brand only, enforced password protection to stop access if they are lost etc. christin - 2021-05-29 07:18:00 |
50 | This helps signal the end of regional DHBs. A single national health body would have very high level IT staff ensuring best practice security is enforced nation wide. The problem with DHBs is that you have a lot of them; some struggle with budgets despite consuming huge amounts of money, they have complex IT systems that are scattered around many sites, hold sensitive data and it just needs one or two weak points like an overworked underfunded IT manager in one to end up with an IT disaster. One report said that there was something like 600+ servers in the DHB. I struggle to believe that, but the fact that everything was linked so the entire DHB was hit indicates a real IT management issue. I really hope that like after an aircraft crash, there is a full and open explanation made so that every organisation can learn and harden systems. Problem is that many organisations that get hit, just try and keep it hidden, so the bad guys then can repeat the exact same attack on another soft target. gblack - 2021-05-29 09:08:00 |