
Ransomware & HSE


Comments

  • Registered Users Posts: 13,995 ✭✭✭✭Cuddlesworth


    at this point i don't know if you're deliberately misreading what i'm saying. those three courses, as they stand, run to 65 hours.
    i mentioned that it would cost a couple of hundred million 'just in staff time alone' were all staff to do the courses (it'd be over a million days of staff time)

    but as i mentioned, the notion that 65 hours of cyber security training would be applicable for all staff (or even more than a few percent) is absurd.

    I'm going to go out on a limb here and say "networking/security" personnel gets actual training, users get the standard 1 hour don't click ****. Which as far as I can tell, has never been required by users within the HSE. That says a lot.
    Danonino. wrote: »
    ^^ This
    Some of the more recent phishing emails I’ve seen have been fantastically convincing. Things have progressed very fast in that area imo.

    I deleted an email this week because I thought it was spam. Turns out it was actually correct, I have received a minor award and cash bonus. And it looked like it was made by a five year old, that should probably have given it away that it wasn't a phishing attempt.
    ongarite wrote: »
    You haven't a notion what you are talking about.
    Legacy software is a massive issue in all companies.

    He might have some work experience or concept of general server administration. But an IOT company is new and would be relatively small. Few people get to really experience something the scale and age of the HSE and just don't get the sheer amount of baggage that builds up over the years.


  • Registered Users Posts: 1,839 ✭✭✭mcsean2163


    ixoy wrote: »
    No they couldn't. It really isn't that easy, especially integrating a bunch of disparate networks.


    "Put it in the cloud!" isn't always the solution. There's a lot of highly specialised software that is barely XP ready never mind cloud ready.

    Obviously, the HSE - like many public and private sectors - could do with pumping more into their IT. But it really is not going to be a case of turning it off and on again or just clicking "Restore backup".

    Put it in the cloud is one solution that would work. There are many solutions that could be implemented quickly if the clueless gatekeepers were not present, (there should be a STEM degree as a minimum requirement for anyone working in HSE IT).
    They've had years to migrate from any software incompatible with the modern era.

    Migration is the hard part. It would take me working on my own at least 6 months. Then after that it's easy.

    As it is, the HSE should not be allowed to manage patient data. Unless they improve, the only stuff they should be doing is changing monitors/ keyboards or very basic support.

    I'm becoming apoplectic. I'm going to have to step away.

    Wasting millions is a waste. Saving millions and using secure and safe systems is the requirement.


  • Moderators, Entertainment Moderators Posts: 17,993 Mod ✭✭✭✭ixoy


    But an IOT company is new and would be relatively small.
    And IoT is actually one of those areas already in trouble for gaping security holes as companies use poor security, go bust without updates, etc. If anyone should appreciate the issues that come with old tech and obsolescence, it's the IoT industry.


  • Registered Users Posts: 827 ✭✭✭HalfAndHalf


    mcsean2163 wrote: »
    Put it in the cloud is one solution that would work. There are many solutions that could be implemented quickly if the clueless gatekeepers were not present, (there should be a STEM degree as a minimum requirement for anyone working in HSE IT).
    They've had years to migrate from any software incompatible with the modern era.

    Migration is the hard part. It would take me working on my own at least 6 months. Then after that it's easy.

    As it is, the HSE should not be allowed to manage patient data. Unless they improve, the only stuff they should be doing is changing monitors/ keyboards or very basic support.

    I'm becoming apoplectic. I'm going to have to step away.

    Wasting millions is a waste. Saving millions and using secure and safe systems is the requirement.

    Where is this cloud solution that’s completely malware protected that you say is a solution that would work? It doesn’t exist!!! Surely you know this as you’re an expert in all IT specialisms!

    And you saying you could migrate the entire HSE infrastructure into a cloud partner in 6 months on your own is completely ridiculous, you’ve given yourself away completely with this statement, as if the others weren’t bad enough.


  • Registered Users Posts: 1,839 ✭✭✭mcsean2163


    Hurrache wrote: »
    He didn't say what his masters is in, but it's looking less likely that it's in the area he's posting about.

    Telecommunications


  • Registered Users Posts: 748 ✭✭✭RogerThis


    mcsean2163 wrote: »
    Telecommunications

    Telling lies more like ;)


  • Posts: 0 [Deleted User]


    It was such an awful time for this to happen with the predicament we're in with covid already. Hopefully it won't take too long to rectify but I don't know, maybe they should just pay the ransom.


  • Registered Users Posts: 1,839 ✭✭✭mcsean2163


    ongarite wrote: »
    You haven't a notion what you are talking about.
    Legacy software is a massive issue in all companies.
    In my field, we only phased out IE11 this year for MS Edge browser.
    We still have the need for old systems running WinNT and XP with legacy serial/parallel ports.

    In fact, a small amount of systems/machines that make the most cutting edge CPU/GPUs are running WinNT right now.

    No you don't. Instead of listening to engineering, you say upgrade in X days. You must be ready.

    We still have the need for old systems running WinNT and XP with legacy serial/parallel ports.

    No you don't. Upgrade. End of.

    Sounds like you're in Intel. Machines running XP are a security vulnerability. If they are not networked/ throttled you should be ok but as an IT professional you should simply say that they are not allowed and have to be upgraded. Keep the source code, change the OS. Engineering will bitch and complain but escalate and get it done.


  • Registered Users Posts: 7,600 ✭✭✭Tow


    mcsean2163 wrote: »
    Running Windows 7 in 2021 to accommodate a few legacy programs is ludicrous and sums up the HSE approach.

    In the medical world that old Windows 7/XP machine would often be running a piece of kit costing tens of thousands to tens of million to replace. Not an IOT device costing a few quid, which will become junk after a couple of years. When the manufacturer loses interest in it.

    When is the money (including lost growth) Michael Noonan took in the Pension Levy going to be paid back?



  • Registered Users Posts: 1,272 ✭✭✭theballz


    mcsean2163 wrote: »
    Put it in the cloud is one solution that would work. There are many solutions that could be implemented quickly if the clueless gatekeepers were not present, (there should be a STEM degree as a minimum requirement for anyone working in HSE IT).
    They've had years to migrate from any software incompatible with the modern era.

    Migration is the hard part. It would take me working on my own at least 6 months. Then after that it's easy.

    As it is, the HSE should not be allowed to manage patient data. Unless they improve, the only stuff they should be doing is changing monitors/ keyboards or very basic support.

    I'm becoming apoplectic. I'm going to have to step away.

    Wasting millions is a waste. Saving millions and using secure and safe systems is the requirement.

    I can tell you for certain that the HSE had been warned for many years that their IT landscape was not compliant with EU standards - more than once.

    The lack of progress in this area was sidelined due to "budget" yet, the Irish taxpayer pays one of the highest per capita.

    The HSE is just a badly run organisation, far too hierarchical. I guarantee you they couldn't even tell you who makes the decision on any major IT infrastructure refresh.


  • Registered Users Posts: 748 ✭✭✭RogerThis


    Turk 182 wrote: »
    It was such an awful time for this to happen with the predicament we're in with covid already. Hopefully it won't take too long to rectify but I don't know, maybe they should just pay the ransom.

    The HSE won't pay the ransom directly, but their cyber insurance should.


  • Registered Users Posts: 33,105 ✭✭✭✭gmisk


    Turk 182 wrote: »
    It was such an awful time for this to happen with the predicament we're in with covid already. Hopefully it won't take too long to rectify but I don't know, maybe they should just pay the ransom.
    Paying the ransom would be an absolutely moronic thing to do.


  • Posts: 0 [Deleted User]


    RogerThis wrote: »
    The HSE won't pay the ransom directly, but their cyber insurance should.

    Is that possible? Has there been any mention of how much they want, do you know?


  • Registered Users Posts: 1,839 ✭✭✭mcsean2163


    Tow wrote: »
    In the medical world that old Windows 7/XP machine would often be running a piece of kit costing tens of thousands to tens of million to replace. Not an IOT device costing a few quid, which will become junk after a couple of years. When the manufacturer loses interest in it.

    I've worked on multiple medical device projects at the highest level. Upgrade. No excuses. Upgrade.

    Expensive equipment causing security vulnerabilities cannot be allowed to be a reason that people cannot get treatment in our hospitals now.


  • Registered Users Posts: 5,997 ✭✭✭kirving


    mcsean2163 wrote: »
    Telecommunications

    With what level of industry experience?

    In my workplace, a decent sized factory, even XP is run on some machinery as far as I'm aware, despite years of effort to standardise our systems.

    Like a hospital, downtime to upgrade for the sake of IT security cannot be justified, so they're isolated as far as possible.

    Next, how much effort is justified in rewriting software, and then revalidating every single diagnostic machine, and MRI scanner, x-ray machine, etc. to ensure that they're still accurate and reliable?

    While it's not my area specifically, I'm involved in enough machinery upgrades and revalidation to say you're way out of your depth.


  • Registered Users Posts: 827 ✭✭✭HalfAndHalf


    mcsean2163 wrote: »
    No you don't. Instead of listening to engineering, you say upgrade in X days. You must be ready.

    We still have the need for old systems running WinNT and XP with legacy serial/parallel ports.

    No you don't. Upgrade. End of.

    Sounds like you're in Intel. Machines running XP are a security vulnerability. If they are not networked/ throttled you should be ok but as an IT professional you should simply say that they are not allowed and have to be upgraded. Keep the source code, change the OS. Engineering will bitch and complain but escalate and get it done.

    You’re just trolling at this point, have you not got a TV?


  • Registered Users Posts: 975 ✭✭✭harmless


    Tow wrote: »
    In the medical world that old Windows 7/XP machine would often be running a piece of kit costing tens of thousands to tens of million to replace. Not an IOT device costing a few quid, which will become junk after a couple of years. When the manufacturer loses interest in it.


    I can understand the extremely expensive machines that need old software to run but what about the patient info databases that are run on MS DOS?


  • Posts: 0 [Deleted User]


    gmisk wrote: »
    Paying the ransom would be an absolutely moronic thing to do.

    Why do you think that?


  • Registered Users Posts: 748 ✭✭✭RogerThis


    mcsean2163 wrote: »
    I've worked on multiple medical device projects at the highest level. Upgrade. No excuses. Upgrade.

    Not meaning to be rude but the attitude you are expressing is the reason people cannot get treatment in our hospitals now.

    So, a medical machine that's good for 25 years, you would replace it after 10, because it is not compatible with a modern OS?


  • Registered Users Posts: 6,503 ✭✭✭Damien360


    harmless wrote: »
    I can understand the extremely expensive machines that need old software to run but what about the patient info databases that are run on MS DOS?

    You mean the black screen inputs. I’ve seen those first hand and it’s the LIMS system. Not sure what the backend is but I’m fairly certain it’s not DOS.


  • Registered Users Posts: 1,839 ✭✭✭mcsean2163


    harmless wrote: »
    I can understand the extremely expensive machines that need old software to run but what about the patient info databases that are run on MS DOS?

    Upgrade. Export data to newer system if necessary.


  • Registered Users Posts: 5,997 ✭✭✭kirving


    RogerThis wrote: »
    So, a medical machine that's good for 25 years, you would replace it after 10, because it is not compatible with a modern OS?

    Nah, just tell Engineering to rewrite the code for the MRI scanner by X date, and stick it on the cloud. Easy peasy.


  • Registered Users Posts: 33,105 ✭✭✭✭gmisk


    Turk 182 wrote: »
    Why do you think that?
    You are handing money to a criminal/criminals...and expect them to act honourably...what is the incentive for them to remove the ransomware and any other nasty pieces of code they have embedded in the systems?


  • Registered Users Posts: 827 ✭✭✭HalfAndHalf


    mcsean2163 wrote: »
    Upgrade. Export data to newer system if necessary.

    Well this thread's been ruined, can everyone stop feeding the troll please.


  • Registered Users Posts: 1,575 ✭✭✭Hibernicis


    On the off chance that any HSE ICT people are reading this thread I'd just like to say that there are a lot of ICT people around the country who fully understand the nightmare you are working through, the joy you feel every time another server comes up clean, the fear you feel that the next one might just be the one that brings it all tumbling back down again, the strain of 12/14/16/18 hour days. Pay no attention to the many experts here and on twitter etc giving us the benefit of their scant knowledge and very dubious expertise.

    There are a lot of us rooting for you and truly hoping for your sake and for ours that it all works out.


  • Posts: 0 [Deleted User]


    gmisk wrote:
    You are handing money to a criminal/criminals...and expect them to act honourably...what is the incentive for them to remove the ransomware and any other nasty pieces of code they have embedded in the systems?


    I get where you're coming from alright. I don't know if this is true but I thought someone in work was saying this particular gang have form for holding up their end of the agreement if you do pay the ransom.

    I'm concerned how long it might take them to get things up and running again considering the times we're in already. Hopefully they'll surprise me and turn it around faster than expected.


  • Registered Users Posts: 6,503 ✭✭✭Damien360


    mcsean2163 wrote: »
    I've worked on multiple medical device projects at the highest level. Upgrade. No excuses. Upgrade.

    Expensive equipment causing security vulnerabilities cannot be allowed to be a reason that people cannot get treatment in our hospitals now.

    Can you imagine the uproar if the HSE dumped an MRI because they wanted shiny new Windows 10. Those things cost millions and the validation time and cost is enormous. A lot of tech goes to a limited support model based on obsolescence of the boards within them. Tech moves forward but often the advance is not required for the customer. What they have does exactly what they need. Look at the advance in MRI tech alone. Instrument resolution advances with power but that power can be too much for children and therefore kids are limited to certain machines. So your purchase decision is in terms of decades and very much dependent on your patient type. Plus they need a lot of correctly designed space. Upgrade is simply not a simple decision.


  • Closed Accounts Posts: 161 ✭✭JibJabWibWab


    Hibernicis wrote: »
    On the off chance that any HSE ICT people are reading this thread I'd just like to say that there are a lot of ICT people around the country who fully understand the nightmare you are working through, the joy you feel every time another server comes up clean, the fear you feel that the next one might just be the one that brings it all tumbling back down again, the strain of 12/14/16/18 hour days. Pay no attention to the many experts here and on twitter etc giving us the benefit of their scant knowledge and very dubious expertise.

    There are a lot of us rooting for you and truly hoping for your sake and for ours that it all works out.

    Tell me you are a HSE ICT worker, without saying you are a HSE ICT worker... :rolleyes:

    "rooting for you" :rolleyes: :rolleyes:


  • Registered Users Posts: 33,105 ✭✭✭✭gmisk


    Hibernicis wrote: »
    On the off chance that any HSE ICT people are reading this thread I'd just like to say that there are a lot of ICT people around the country who fully understand the nightmare you are working through, the joy you feel every time another server comes up clean, the fear you feel that the next one might just be the one that brings it all tumbling back down again, the strain of 12/14/16/18 hour days. Pay no attention to the many experts here and on twitter etc giving us the benefit of their scant knowledge and very dubious expertise.

    There are a lot of us rooting for you and truly hoping for your sake and for ours that it all works out.
    That is an incredibly nice thing to say fair play.
    From someone who clearly understands what working in the field can actually be like!

    I can tell you from personal experience that a huge amount of resources from other government departments etc have reached out to help in any way possible, mine being one of them.


  • Registered Users Posts: 7,600 ✭✭✭Tow


    RogerThis wrote: »
    The HSE won't pay the ransom directly, but their cyber insurance should.

    Would that insurance be the tax payers pocket or Axa insurance, who have also found themselves in the same FUBAR as the HSE?

    When is the money (including lost growth) Michael Noonan took in the Pension Levy going to be paid back?


