Ransomware & HSE

SouthWesterly

leahyl wrote: »

Exactly, I meant in general

They wouldn't be the only ones who can't use the device on their desks.

seamus

JDxtra wrote: »

Are we sure it's a targeted attack though? Maybe someone clicked on a link they shouldn't have?

A national health service in the midst of a national health crisis gets a ransomware attack?

Seems too much of a coincidence to be an accident. The HSE would be a good target as the criminals' hope would be that the HSE would just pay up to get back on track as soon as possible.

Blacknight were also the victim of a huge directed DDOS yesterday. A single customer was targetted and when Blacknight began mitigation the DDOS redirected to attack their entire infrastructure.

I wonder if it's related; were the HSE the customer being targetted?

davo2001 wrote: »

The fact that the HSE has had to shutdown it's ENTIRE network shows what a poorly implemented network security system they have, they clearly didn't learn anything from 3 years ago.

The head of IT should be fired over this (but obviously he won't be).

The head of IT has only been recently appointed. Transformation projects take years, shoring up security holes across disparate networks takes years. Firing a head of IT without having even the slightest bit of knowledge about the attack or the nature of the HSE IT infrastructure is reactionary nonsense.

People can throw around all the jokes like they like about dinosaur infrastructure in the HSE, but at the end of the day if an attacker has sufficient resources and desire to get in, they will get in. So to say that someone must have clicked a link in a dodgy email or that there was an obvious unpatched security flaw that let them in, is to make gigantic assumptions based on nothing.

SouthWesterly

Hurrache wrote: »

I'm enjoying how everyone are now both experts in pandemics and viruses, and have quickly gained expertise in IT security.

It must be all the TV they're watching, as it appears to little foundation in reailty,

Listen, don't be knocking people's expertise. Everyone has watched the IT Crowd. They know what to do .

Meirleach

touts wrote: »

If one person dies as a result of the health systems being down it should be treated as murder and an act of terrorism.

After the attack on the oil pipeline in the US I suspect those bastards will be getting a visit from Seal Team 6 anyway. Don't know if it is the same terrorist group who attacked the US but clearly this has stepped up and we need to step up our response accordingly.

https://www.technologyreview.com/2020/09/18/1008582/a-patient-has-died-after-ransomware-hackers-hit-a-german-hospital/

In Germany they've treated deaths caused by issues like this as negligent homicide investigations.

Needs to be a strong response to this but unfortunately a lot of cyber crime operates out of 'friendly' countries.

Flinty997

I dunno I think theres been big changes with digital xrays and all that. All the paper based record keeping was a nightmare.
You'd rock up for an appointment and your files were offsite (due to space issues) and had to retrieved in advance of the appointment.
Its much improved these days.

Scuid Mhór

DaSilva wrote: »

I know this is a weird take for a lot of people and I know a lot of people are really invested in crypto so I expect backlash.

I think the cryptocurrency is half the problem here, it facilitates these criminals. I understand there is little governments can do about them though, banning doesn't really have any effect. If the value of all these cryptos plummeted though, I think ransomware attacks would be far less lucrative. Pipe dream though I understand.

How much criminal money is laundered through actual currencies, specifically the US dollar, per year? Criminal use of crypto in total equates to a fraction of even that. Tiresome argument.

Scuid Mhór

Whoever did this needs to receive a few slaps at the very least.

bnt

McGaggs wrote: »

Didn't this happen to the HSE about 3 years ago? I wonder what lessons they learned from it?

Not the HSE, AFAIK, but you may be thinking about a similar situation in the UK with NHS computers.

seamus wrote: »

A national health service in the midst of a national health crisis gets a ransomware attack?

Seems too much of a coincidence to be an accident. The HSE would be a good target as the criminals' hope would be that the HSE would just pay up to get back on track as soon as possible.

Over-analysing things a bit there. The "attack" on the network is usually the result of someone on the network doing something stupid, like going to a malware site or opening a dodgy email attachment. I doubt that the HSE was "targeted" at all. It was the same with the NHS breach a few years ago.

C.O.Y.B.I.B

bnt wrote: »

Not the HSE, AFAIK, but you may be thinking about a similar situation in the UK with NHS computers.

Over-analysing things a bit there. The "attack" on the network is usually the result of someone on the network doing something stupid, like going to a malware site or opening a dodgy email attachment. I doubt that the HSE was "targeted" at all. It was the same with the NHS breach a few years ago.

A HSE hospital was hit with Petya in 2017 and there was a private hospital in Dublin that got hit with a different Ransomware in 2016. In both cases it was a user who clicked a link in an email.

AndrewJRenko

Scuid Mhór wrote: »

Whoever did this needs to receive a few slaps at the very least.

It's hard to reach agents of the North Korean government to dish out slaps.

Alun

bnt wrote: »

Over-analysing things a bit there. The "attack" on the network is usually the result of someone on the network doing something stupid, like going to a malware site or opening a dodgy email attachment. I doubt that the HSE was "targeted" at all. It was the same with the NHS breach a few years ago.

Organisations are targeted all the time via malicious emails disguised as genuine emails such as invoices from clients of those organisations. They're getting quite sophisticated about it, researching names of specific people within those organisations, addressing them by name, masquerading as genuine suppliers etc.

RebelButtMunch

Vaccination registration page now:

"Registration is currently unavailable. If you are aged 50 to 69 you can call HSELive on 1850 24 1850 to register. All vaccination appointments are going ahead as normal."

Deliverance XXV

A lot of people don't realise that there are several ransomware operators that have evolved the whole ransomware concept and brought it to a whole new level.

Some of these attackers such as can spend months in a network, mapping it out, identify data stores, finding and exploiting backup systems, capturing credentials and finding ways to maximise the impact. They then exfiltrate the data to a remote location, before encrypting and ransoming the target. The threat here is that if the target does not pay, the data will be released to the public resulting in a major data breach.

There was a pipeline in the US that recently got hit - they paid the ransom but not primarily because they wanted the decryption keys (they had backups), but to stop the data from being made public.

jester77

The worst part is people pay these ransoms Which of course only facilitates future more sophisticated attacks.

I host my own stuff at home, and one of my boxes is a QNAP, and last month there was a large ransomware attack, QLocker. It amazed me the amount of people that actually paid the ransom. It's very easy to scan for vulnerable servers and these attacks are only going to get more common in the future.

crossman47

I couldn't believe this statement from a patient advocate for expectant mothers. She said the big issue (from this attack) is not so much that pregnant women might miss an appointment, but the big issue currently for them is to enable them to have their partner to be with them during labour, which is still in question due to Covid-19 restrictions. How can having the partner there be more important than a scan?

Hurrache

Deliverance XXV wrote: »

There was a pipeline in the US that recently got hit - they paid the ransom but not primarily because they wanted the decryption keys (they had backups), but to stop the data from being made public.

Apparently it wasn't the pipeline or related infrastructure, it was elements of their BPS so they shut down completely as they wouldn't have been able to bill.

Vaccinated30

I can't get through to my GP. It says I am 1st in the queue the last hour. I assume its all linked. I'm in agony with my seized up back and really need some muscle relaxers.

ixoy

A big issue is trying to get the business side of companies and public services to fork up for IT upgrades, security in particular. It can be quite complex and, when fixing up a poor service, it's expensive.

When trying to implement it you have to first go to whoever controls the purses and try and make an argument and could often be told: "But it works right now doesn't it? And you're saying I'll have no new functionality and the system could still look the same after spending millions on some weird code and server stuff? Yeah, that's not happening." It's a very short sighted view and also, from reading comments when other cyber attacks happen across the world, an extremely common one and people aren't learning that prevention is better than cure.

is_that_so

is_that_so wrote: »

That's a different system, so not affected.

100% sure it's not affected?
It's a coincidence that the portal couldn't be accessed by somebody I know who eventually resorted to a phone call to get booked. The HSE is composed of "systems" in the plural, I would safely bet there have been a series of related hacks.

Vaccinated30

crossman47 wrote: »

I couldn't believe this statement from a patient advocate for expectant mothers. She said the big issue (from this attack) is not so much that pregnant women might miss an appointment, but the big issue currently for them is to enable them to have their partner to be with them during labour, which is still in question due to Covid-19 restrictions. How can having the partner there be more important than a scan?

Not all appointments are for scans. In fact I had many apps and very few scans. Mostly urine, BP, dietician, physio etc. Many of the apps I would happily miss or reschedule but wouldnt want my partner to miss the birth

Vaccinated30

Vaccinated30 wrote: »

I can't get through to my GP. It says I am 1st in the queue the last hour. I assume its all linked. I'm in agony with my seized up back and really need some muscle relaxers.

Can you reach by email? The only way I can in all practicality access my own GP is via email.

Pandiculation

The other problem is if the HSE comes up with a > billion Euro IT budget there’ll be uproar.

If you look at how much it’s cost to upgrade Bank of Ireland’s IT systems, you’ll get some idea of what a major system costs.

Zookey123

The IT departments in the hospitals I have worked in have been very stringent to be fair. Especially considering external data coming on to the internal network. I have had to send countless emails to retrieve blocked files. Yeah some computers could use software updates but considering the sheer volume of office staff this is not trivial.

ixoy

ixoy wrote: »

A big issue is trying to get the business side of companies and public services to fork up for IT upgrades, security in particular. It can be quite complex and, when fixing up a poor service, it's expensive.

When trying to implement it you have to first go to whoever controls the purses and try and make an argument and could often be told: "But it works right now doesn't it? And you're saying I'll have no new functionality and the system could still look the same after spending millions on some weird code and server stuff? Yeah, that's not happening." It's a very short sighted view and also, from reading comments when other cyber attacks happen across the world, an extremely common one and people aren't learning that prevention is better than cure.

Agree. A lot of these dinosaurs operating at a strategic level don't have a proactive mindset. Budgets are tied to their performance and they would rather quick wins as opposed to something that has no real visible effect..... until something like this happens when suddenly it becomes, oh **** we should have upgraded our systems with the latest technology and security.

Reliance on IT means you have to keep adapting to changes in the environment. You can't just sit back and say it works fine as it is today and leave it be.

Cyber criminals are always adapting and learning and prey on this type of mindset.

magicbastarder

ixoy wrote: »

A big issue is trying to get the business side of companies and public services to fork up for IT upgrades, security in particular. It can be quite complex and, when fixing up a poor service, it's expensive.

yeah, i think a lot of the issues the NHS faced - and are undoubtedly faced by the HSE - is that if you've a working 12 year old MRI scanner and the software runs on XP, are you going to upgrade the software at a cost of (plucks figure out of the air) €25k to stave off a malware attack which might not come?

that said, i know someone who got a job in the HSE and mentioned working on a disk array with no backup that was hooked up to a Win2k server (he told me this maybe 3 years ago).

crossman47

Vaccinated30 wrote: »

Not all appointments are for scans. In fact I had many apps and very few scans. Mostly urine, BP, dietician, physio etc. Many of the apps I would happily miss or reschedule but wouldnt want my partner to miss the birth

Well I'm male so maybe don't understand but I would regard all tests, etc as more important. They can have an impact on you or your baby's health - your partner's presence won't. I'll also admit I am from the generation of fathers who weren't left near the delivery ward (thankfully).
Good luck with your own pregnancy.

wes

whippet wrote: »

https://www.rte.ie/news/health/2021/0514/1221519-hospital-it-problem/

These ransomware attacks are already causing so much disruption ... but when they target healthcare it becomes a matter of life an death.

Fingers crossed the back ups were protected and the restore isn't too big a job

Anyone who does a cyber attack on a hospital needs to be charged with multiple counts of attempted murder, and if anyone dies due to the attack, then charged with murder.

This is beyond scummy.

Pandiculation

A lot of that is also beyond their control. Some of the medical IT systems are shockingly obsolete - you get obscure software associated with specific pieces of hardware like scanners and so on they are often just kept isolated from networks as a result.

There have even been issues when pacemakers been open to hacking, which largely came down to their being obscure hardware and nobody having really contemplated the risks of malevolence they’re exposed to.

https://www.wired.com/story/pacemaker-hack-malware-black-hat/

_Puma_

It does not sound like a trivial run of the mill ransomware attack. It seems targeted and has not being carried out arbitrarily, but by an "actor" that feels there will be no consequences for them to bring down our entire countries health system. Certainly the HSE had no choice but to take their network offline to understand what is going on, but the sounds on it is a complete network compromise.

Pandiculation

wes wrote: »

Anyone who does a cyber attack on a hospital needs to be charged with multiple counts of attempted murder, and if anyone dies due to the attack, then charged with murder.

This is beyond scummy.

They should be, but they’re likely to be untouchable in some rogue state location like North Korea, or else so well hidden online they can’t be found.

There’s basically zero likelihood of this coming from anyone local, and by local I mean within the reach of extradition.

They’re increasingly seen in the context of national security or even cyber warfare type operations.