
Ransomware & HSE


Comments

  • Posts: 11,614 ✭✭✭✭ [Deleted User]


    How long have the HSE or other Irish public service orgs been treating IT as a cost that has to be reduced? Considering they have "just" implemented cyber training for all staff, I'm going to take a guess and say a very long time.

    I've been contacted a few times by recruiters (networking) and I have laughed at the wages being offered. Think less than 50% of the private pay.

    Not 50% but certainly less.

    Network Security Engineer in the Civil Service 54-58k a year: https://www.glassdoor.ie/Salary/Irish-Civil-Service-Network-Security-Engineer-Salaries-E816419_D_KO20,45.htm

    5 years ago I was Application Security Engineer at Core on 65k.


  • Registered Users Posts: 3,337 ✭✭✭Wombatman


    From what I’m reading the advantage is that it’s not one system. They shut down systems as a precaution to prevent spread.

    I would guess they’ll get a lot of things up and running - cloud systems and more modern systems, isolated systems etc or systems they can be confident aren’t likely to be impacted could be returned to service fairly rapidly.

    The issue might be older systems and also potentially firing up individual PCs mightn’t be that easy and could mean a lot of work visiting sites and wiping PCs without connecting them to networks etc

    The big issue they would have is a very geographically spread network.

    Can you really be confident about any node though, without booting it up offline and doing a full diagnosis? Absolute nightmare. Imagine trying to do it on disconnected VM hosts. Puke. The last thing you want is an infected node getting back on the network as they are trying to recover.

    Even if boxes can be brought up you still have the problem of essential data being encrypted. No payroll database, no pay. Going to take months to fully recover. Paying ransom far too risky IMHO.


  • Registered Users Posts: 68,317 ✭✭✭✭seamus


    topdecko wrote: »
    Realistically how long will this take to resolve do people think. We will have to pay the ransom to get some sort of functionality back in the system. Can then flesh out a long term response but for now we have hospitals with no internal communications, no appointment system, no notes and about a 10% lab service and a seriously curtailed radiology service - it's a disaster and will lead to significant harm if it continues.
    It's a "how long is a piece of string" question that depends entirely on the preparedness of the organisation.

    By all accounts the I.T. system in the HSE isn't as bad and ridiculous as people love to claim it is. They're well certified and audited, more so than most companies. And most likely they have far more qualified IT security staff than most companies do.

    Recovering from this kind of attack is a painful and meticulous one though. For many companies it could be the end of them. Even if they have backups, they might need weeks to patch their systems back together from scratch.

    If the HSE can resume 50% service by the end of this week, they'll be doing incredibly well.


  • Registered Users Posts: 1,641 ✭✭✭paconnors


    When the NHS was attacked in 2017, how long did it take them to recover?


  • Registered Users Posts: 69,058 ✭✭✭✭L1011


    How long have the HSE or other Irish public service orgs been treating IT as a cost that has to be reduced? Considering they have "just" implemented cyber training for all staff, I'm going to take a guess and say a very long time.

    I've been contacted a few times by recruiters (networking) and I have laughed at the wages being offered. Think less than 50% of the private pay.

    I went for an IT role in a state body that was just barely paying enough to justify it; on the basis that I'd have zero commute costs - walking distance.

    Didn't get it, although I was apparently #2 if the person it was offered to didn't take it - but I think they were internal anyway.

    They do still get some people applying for those roles for the pension, or are re-trained from within and go higher up the pay scale that way. But if they need fresh blood in a crisis like this, they aren't going to find any with the derisory salaries.


  • Registered Users Posts: 6 ThomondBardamu


    McGaggs wrote: »
    Didn't this happen to the HSE about 3 years ago? I wonder what lessons they learned from it?

    The WannaCry ransomware attack largely affected the NHS. The HSE managed to escape the attack. They did use it as an excuse to get rid of any computers running XP (yes you read that correctly).


  • Registered Users Posts: 394 ✭✭grimeire


    Not 50% but certainly less.

    Network Security Engineer in the Civil Service 54-58k a year: https://www.glassdoor.ie/Salary/Irish-Civil-Service-Network-Security-Engineer-Salaries-E816419_D_KO20,45.htm

    5 years ago I was Application Security Engineer at Core on 65k.


    I would take salaries on Glassdoor with a lot of salt as I found in the real world the salaries are higher.


    Of the 2 job offers I got in the last 4 years both had about 30% higher salary than the high range on Glassdoor.






    In case anyone is interested National Cyber Security Centre posted this about the attack


  • Banned (with Prison Access) Posts: 989 ✭✭✭ineedeuro


    How long have the HSE or other Irish public service orgs been treating IT as a cost that has to be reduced? Considering they have "just" implemented cyber training for all staff, I'm going to take a guess and say a very long time.

    I've been contacted a few times by recruiters (networking) and I have laughed at the wages being offered. Think less than 50% of the private pay.

    If you look into the pension etc they get I doubt you would be laughing.


  • Registered Users Posts: 3,027 ✭✭✭Lantus


    It's a shameful attack which is inhumane and sickening. An act of terror that willfully causes harm to innocent people mainly children and old. A war crime by any other name. Assailants should be brought to justice.


  • Closed Accounts Posts: 161 ✭✭JibJabWibWab


    Lantus wrote: »
    It's a shameful attack which is inhumane and sickening. An act of terror that willfully causes harm to innocent people mainly children and old. A war crime by any other name. Assailants should be brought to justice.

    It wasn't an "attack", it was caused by a careless idiot clicking a link in a phishing email... :rolleyes:


  • Registered Users Posts: 10,234 ✭✭✭✭Hurrache


    It wasn't an "attack", it was caused by a careless idiot clicking a link in a phishing email... :rolleyes:

    Problem solved everyone! We now all know how it happened.


  • Closed Accounts Posts: 161 ✭✭JibJabWibWab


    Hurrache wrote: »
    Problem solved everyone! We now all know how it happened.

    Spoken like someone who would click on a link in a phishing email...


  • Registered Users Posts: 428 ✭✭Madeoface


    Hopefully this means that media addicted fellow Reid stops doing daily covid updates that any junior HSE executive could do once briefed and he actually does real CEO work and looks at structural problems like IT security etc.


  • Registered Users Posts: 7,601 ✭✭✭Tow


    grimeire wrote: »
    In case anyone is interested National Cyber Security Centre posted this about the attack

    Interesting that the Department of Health's antivirus software detected it. Hope we were not lied to by the HSE, when they told the nation on RTE it was a zero day attack!

    When is the money (including lost growth) Michael Noonan took in the Pension Levy going to be paid back?



  • Registered Users Posts: 12,282 ✭✭✭✭Flinty997


    grimeire wrote: »
    I would take salaries on Glassdoor with a lot of salt as I found in the real world the salaries are higher.


    Of the 2 job offers I got in the last 4 years both had about 30% higher salary than the high range on Glassdoor....

    Private sector for sure. In the public sector, it would be very unusual to be able to negotiate a different point on the scale than the one advertised. It's not impossible, but not common.


  • Registered Users Posts: 36,165 ✭✭✭✭BorneTobyWilde


    HSE to those demanding ransom

    '' you're not getting a dime, and I will hunt you down''


  • Registered Users Posts: 18,168 ✭✭✭✭VinLieger


    Tow wrote: »
    Interesting that the Department of Health's antivirus software detected it. Hope we were not lied to by the HSE, when they told the nation on RTE it was a zero day attack!


    Hmm that is strange, potentially it's possible since they are saying they got access to the HSE 2-3 weeks ago so maybe it became known and the DoH system had updated in that time frame?


  • Registered Users Posts: 4,560 ✭✭✭political analyst


    Given that chemotherapy and radiotherapy were taking place long before HSE administration was computerised, how has the cyber-attack led to cancellation of cancer treatment appointments this week? Those therapies are not necessarily dependent on computers, are they?


  • Registered Users Posts: 12,282 ✭✭✭✭Flinty997


    ineedeuro wrote: »
    If you look into the pension etc they get I doubt you would be laughing.

    Since pension is based on salary and length of service, it's not going to be the carrot you think it is for someone mid career. What attracts those people in is a better work life balance.


  • Moderators, Category Moderators, Arts Moderators, Sports Moderators Posts: 49,670 CMod ✭✭✭✭magicbastarder


    Tow wrote: »
    Interesting that the Department of Health's antivirus software detected it. Hope we were not lied to by the HSE, when they told the nation on RTE it was a zero day attack!
    when does a zero day stop becoming a zero day?
    maybe (if it *was* a zero day) it was a previously divulged one which might have been caught by client IPS/EDR and not necessarily 'traditional' AV.


  • Moderators, Category Moderators, Arts Moderators, Sports Moderators Posts: 49,670 CMod ✭✭✭✭magicbastarder


    Given that chemotherapy and radiotherapy were taking place long before HSE administration was computerised, how has the cyber-attack led to cancellation of cancer treatment appointments this week? Those therapies are not necessarily dependent on computers, are they?
    well, the appointments are arranged on computers, the patient data is stored there, and the machines are now often operated by a computer, so they're far more computer dependent than they used to be.


  • Moderators, Category Moderators, Arts Moderators, Sports Moderators Posts: 49,670 CMod ✭✭✭✭magicbastarder


    It wasn't an "attack", it was caused by a careless idiot clicking a link in a phishing email... :rolleyes:
    if your main line of defence against skilled hackers is relying on distracted medical staff who are more concerned with medical issues, or admin staff who are not IT experts, you're in the wrong job.

    blaming the end users for something like this is ignorant.


  • Closed Accounts Posts: 161 ✭✭JibJabWibWab


    if your main line of defence against skilled hackers is relying on distracted medical staff who are more concerned with medical issues, or admin staff who are not IT experts, you're in the wrong job.

    blaming the end users for something like this is ignorant.

    Who said it was distracted medical staff?
    How many HSE employees are working from home?

    Unions demand training, and of course extra money, for the members to use these systems. Trained staff should be held responsible...

    https://www.irishexaminer.com/news/arid-40187691.html
    HSE staff are to get cybersecurity training as they continue to work remotely due to the impact of the Covid-19 pandemic.

    More than 120,000 HSE employees will get access to classes including Introduction to Cybersecurity, Cyber Security Essentials, and Introduction to the Internet of Things. Run by technology company Cisco, the courses are online only.


  • Moderators, Politics Moderators Posts: 39,896 Mod ✭✭✭✭Seth Brundle


    How long have the HSE or other Irish public service orgs been treating IT as a cost that has to be reduced? Considering they have "just" implemented cyber training for all staff, I'm going to take a guess and say a very long time.
    IT is widely regarded as a business cost rather than a business facilitator. How many companies will have their CIO or head of IT on the board or at least up there with senior execs? In most companies I've dealt with, the CIO would report to the Head of Finance.


  • Registered Users Posts: 115 ✭✭topdecko


    You cannot blame the individual here - as pointed out several times in the thread so far even directly after Phishing training people are vulnerable. We get many emails every day and any of them could be a trojan attack. It is futile and pointless to blame the individual here - the system must be built with the assumption that malicious actors are going to try and bring it down for monetary gain.
    With that in mind how do you create a system that is more resilient? One of the issues I have working in health service/primary care is the lack of interconnectedness - labs, radiology, referrals all very clunky in comparison to EMIS in the UK. However this is likely a big bonus in terms of this ransomware attack as some services not as exposed??


  • Moderators, Category Moderators, Arts Moderators, Sports Moderators Posts: 49,670 CMod ✭✭✭✭magicbastarder


    the training made available to HSE staff as referenced by another poster is not the sort of training you'd expect non-technical staff to take anyway. the three courses run to 65 hours in total, if you need all staff to take those courses to protect your systems, it's money very, very badly spent.


  • Registered Users Posts: 4,560 ✭✭✭political analyst


    IT is widely regarded as a business cost rather than a business facilitator. How many companies will have their CIO or head of IT on the board or at least up there with senior execs? In most companies I've dealt with, the CIO would report to the Head of Finance.

    Then what's the point of using IT in the first place?


  • Closed Accounts Posts: 161 ✭✭JibJabWibWab


    the training made available to HSE staff as referenced by another poster is not the sort of training you'd expect non-technical staff to take anyway. the three courses run to 65 hours in total, if you need all staff to take those courses to protect your systems, it's money very, very badly spent.

    The courses are specifically to help prevent getting "hacked"...
    Shane Heraty, Ireland country director for Cisco, addressed the HSE Digital Academy Forum on Wednesday.

    He told the Irish Examiner: “The HSE is embarking on a process of digitalisation and the primary purpose of these courses is to empower HSE staff to come along on that journey, too. HSE employees can avoid falling victim to hackers.”

    Topics include data privacy and how to prevent hackers taking control of a system to earn a ransom payment.

    https://www.irishexaminer.com/news/arid-40187691.html


  • Registered Users Posts: 4,560 ✭✭✭political analyst


    topdecko wrote: »
    You cannot blame the individual here - as pointed out several times in the thread so far even directly after Phishing training people are vulnerable. We get many emails every day and any of them could be a trojan attack. It is futile and pointless to blame the individual here - the system must be built with the assumption that malicious actors are going to try and bring it down for monetary gain.
    With that in mind how do you create a system that is more resilient? One of the issues I have working in health service/primary care is the lack of interconnectedness - labs, radiology, referrals all very clunky in comparison to EMIS in the UK. However this is likely a big bonus in terms of this ransomware attack as some services not as exposed??

    The individual doesn't need intensive training to understand the likelihood that a strange e-mail contains malware. What happened to common sense?


  • Moderators, Category Moderators, Arts Moderators, Sports Moderators Posts: 49,670 CMod ✭✭✭✭magicbastarder


    The courses are specifically to help prevent getting "hacked"...

    yes, as the quote suggests, it's for techies; not for non-technical staff.

