Ransomware & HSE

Allinall

theguzman wrote: »

I was just reading the HSE list now and realized I am in Cohort 7 and am entitled to a vaccine despite being in my early 30's. How do I get it?

theguzman wrote: »

The HSE is like a cancer on Irish society, €20bn a year dumped into that disgrace of an organisation and nothing even plausibly resembling healthcare is delivered. The HSE is a glorified social employment scheme and an absolute disgrace. I am happy this has happened and anything that can further damage or destroy that entity is a bonus until it is finally privatised and the Unions banned out of it.

Hope you're sent to the back of a very long queue.

MikeSoys

BattleCorp wrote: »

Even if you invest a fortune, it's hard to make systems very secure when all it takes is one gobsh1te to click on a link and open the front door for hackers.

but cant you filter all email traffic on the mail server - you can stop emails from non trusted senders before it gets to somones inbox.

cnocbui

The DarkSide hackers who shut down the Colonial Pipeline in the US appear to have been paid, in total, at least $90 M in bitcoin by various victims.

https://www.cnbc.com/2021/05/18/colonial-pipeline-hackers-darkside-received-90-million-in-bitcoin.html

Without negative consequences being delivered, this stuff is only going to get worse.

Hurrache

cnocbui wrote: »

The DarkSide hackers who shut down the Colonial Pipeline in the US appear to have been paid, in total, at least $90 M in bitcoin by various victims.

https://www.cnbc.com/2021/05/18/colonial-pipeline-hackers-darkside-received-90-million-in-bitcoin.html

Without negative consequences being delivered, this stuff is only going to get worse.

I know it's the media's take in order to dramatise it that bit more, but I don't think they shut down the pipeline, they attacked the companies systems and they feared losing the ability to record and bill for usage so they themselves shut it down.

Turtwig

MikeSoys wrote: »

i dont know much about this but understand HSE spends around 1/4 less on IT systems then EU average..all the cheaping out looks like its to be undone done.

If this was a public company the market would be looking for a head over this(termination of empoyment with no big payouts)...

Firing people is often the cosmetic fix. Sometimes an individuals position is untenable. However sometimes it's cheap theatre. The scapegoat is used to delude an organisation or its customers they've fixed the problem when in reality the issue is systemic and runs much deeper.

Dublinflyer

MikeSoys wrote: »

but cant you filter all email traffic on the mail server - you can stop emails from non trusted senders before it gets to somones inbox.

You can, but the person is always the one variable you cant control. A big part of this is internal education on how to spot something that's not quite right. I work for a huge US telecommunication company that had a major breech about 17 years ago. Huge damage done, but now they throw money at security and the internal security team have the power needed to do their job. We have to do so many online classes on how to spot things it's not funny, and I work in IT!

It's all about money with this kind of thing, and as someone said IT is seen as a cost and it's not until something happens some investment is made.

hmmm

MikeSoys wrote: »

but cant you filter all email traffic on the mail server - you can stop emails from non trusted senders before it gets to somones inbox.

Some of the malware variants will infect a user and inject their emails into an ongoing email conversation. You'll get an email from someone you know, as part of a conversation, but it will be from an attacker.

There are no easy answers here, cybercrime is advancing probably quicker than our ability to defend from it. I'm delighted to hear that Simon Coveney got to speak with Lavrov about this today, we can't control this if the criminals can operate without consequences.

kippy

Keyzer wrote: »

Bear in mind chaps, a number of variants of Windows 10 are now end of life/end of support also. Windows 10 is not a panacea here.

And this is a major issue.....people don't seem to realise this at all.
Windows 10 is nearly a bigger issue for IT departments than anything it has replaced.

Some people seem to think that going from one version of an operating system to a newer version across thousands of devices in a diverse environment is a weekend job.
Obviously they've never been involved in such a project.

What has helped make thing a bit easier from an applications standpoint is web applications that takes a lot of the reliance off the operating system. These apps also have to run on an OS somewhere which also bring its challenges.

Dempo1

highgiant1985 wrote: »

Where was that said?

Irish Examiner

TomOnBoard

Donald Trump wrote: »

Wait til they publish your very own prescriptions for helping combat your knob rot to the dark web :P


Being serious, how the f could you be enjoying it? Very weird. People will be genuinely suffering over this and you are happy. Weird

Not just weird.. Sick!

Dempo1

theguzman wrote: »

Health care staff wont be paid this week, what are the odds that the hackers have cleaned out payroll funds too?

I am enjoying the whole thing and have zero sympathy for the HSE or the slots employed within, it is the poor frontline staff I have pity for getting screwed over daily in that behemoth of waste.

Whilst I've zero sympathy for Senior HSE staff and I'm referring to the Cohort who are the very top, you must understand Frontline Staff are employed within the HSE?

DublinWriter

BattleCorp wrote: »

Even if you invest a fortune, it's hard to make systems very secure when all it takes is one gobsh1te to click on a link and open the front door for hackers.

Nope.

a) Just invest in a proper CMS and don't have your 'crown-jewels' out in open network shares.

b) Configure your Exchange server (other alternatives are available) not to accept emails from untrusted external domains, and especially emails from ones that have an embedded HTML link

It's basic enterprise security policy. My contacts tell me that a centralised IT Change and Risk Management function was not in place in the HSE and that they were still operating like the individual pre-HSE Health Boards.

But from what I'm hearing so far is that the issues were far more basic - they weren't even backing up and off-lining back up data, still using XP clients and using MS Access to store data.

I don't think it was a sophisticated hack at all - more like a brick through a window.

TomOnBoard

theguzman wrote: »

The HSE is like a cancer on Irish society, €20bn a year dumped into that disgrace of an organisation and nothing even plausibly resembling healthcare is delivered. The HSE is a glorified social employment scheme and an absolute disgrace. I am happy this has happened and anything that can further damage or destroy that entity is a bonus until it is finally privatised and the Unions banned out of it.

Its one thing for lads to come in here and spoof to beat the band and pretend to be 300 years working in IT and have all the answers as to how the ransomware situation should be dealt with. That kind of puffery is probably to be expected.. But, when a lad comes in with so much hatred for a service that keeps thousands of ppl alive every day and heals the illnesses of thousands of others, and expresses happiness that the information life-blood of that system has been grieviously damaged, I think we have now plumbed the depths! Jesus Wept!

Keyzer

MikeSoys wrote: »

i dont know much about this but understand HSE spends around 1/4 less on IT systems then EU average..all the cheaping out looks like its to be undone done.

Hearsay and rumour at the moment. Show me evidence of this.

MikeSoys wrote: »

If this was a public company the market would be looking for a head over this(termination of empoyment with no big payouts)...

Not necessarily - if it turns out the senior management team were informed they were extremely susceptible to this type of attack and did nothing then, yes, someones head should roll. If, on the other hand, this is something that catches an organisation by surprise, its a different story.

My hunch is its the former.

But this is the HSE and Ireland, that won't happen - Reid will pawn this off as something they couldn't have prepared for.

Keyzer

TomOnBoard wrote: »

Its one thing for lads to come in here and spoof to beat the band and pretend to be 300 years working in IT and have all the answers as to how the ransomware situation should be dealt with. That kind of puffery is probably to be expected.. But, when a lad comes in with so much hatred for a service that keeps thousands of ppl alive every day and heals the illnesses of thousands of others, and expresses happiness that the information life-blood of that system has been grieviously damaged, I think we have now plumbed the depths! Jesus Wept!

Hear hear.

Best to ignore people like this.

kippy

DublinWriter wrote: »

Nope.

a) Just invest in a proper CMS and don't have your 'crown-jewels' out in open network shares.

b) Configure your Exchange server (other alternatives are available) not to accept emails from untrusted external domains, and especially emails from ones that have an embedded HTML link

It's basic enterprise security policy. My contacts tell me that a centralised IT Change and Risk Management function was not in place in the HSE and that they were still operating like the individual pre-HSE Health Boards.

But from what I'm hearing so far is that the issues were far more basic - they weren't even backing up and off-lining back up data, still using XP clients and using MS Access to store data.

I don't think it was a sophisticated hack at all - more like a brick through a window.

As a matter of interest have you worked in an IT Infrastructure in a similiar organisation in the past?

Turtwig

Keyzer wrote: »

Hearsay and rumour at the moment. Show me evidence of this.

Tony O'Brien, former Director General of the HSE, said it in an interview to RTÉ. He was referring to his time in the organisation as far as I recall. I doubt the ratio improved since. (Probably got worse!)

Hurrache

Hurrache wrote: »

- Hi, get Marty on the phone?
- Marty?!?
- The Back to the Future guy. We have a budget to spend on some of our applications but we want to know what operating systems will be like in 10 years. If the apps aren't compatible, no point in buying.
- Ah sure just pretend there's no need for drivers,
- Erm, our "Hello World" is failing.
- That'll be the lack of drivers for you.

TomOnBoard

Turtwig wrote: »

Tony O'Brien, former Director General of the HSE, said it in an interview to RTÉ. He was referring to his time in the organisation as far as I recall. I doubt the ratio improved since. (Probably got worse!)

And just to clarify, Tony O'Brien said that Irish Health spends a quarter of what comparable health systems in other jurisdictions spend on IT, and not a quarter less, as posted earlier.

Keyzer

Turtwig wrote: »

Tony O'Brien, former Director General of the HSE, said it in an interview to RTÉ. He was referring to his time in the organisation as far as I recall. I doubt the ratio improved since. (Probably got worse!)

He should be careful what he says.

He was HSE Director until 2018, not too long ago. I'd imagine a lot of what's there now was there on his watch.

Necro

theguzman wrote: »

The HSE is like a cancer on Irish society, €20bn a year dumped into that disgrace of an organisation and nothing even plausibly resembling healthcare is delivered. The HSE is a glorified social employment scheme and an absolute disgrace. I am happy this has happened and anything that can further damage or destroy that entity is a bonus until it is finally privatised and the Unions banned out of it.

Threadbanned

kippy

TomOnBoard wrote: »

And just to clarify, Tony O'Brien said that Irish Health spends a quarter of what comparable health systems in other jurisdictions spend on IT, and not a quarter less, as posted earlier.

This would be reflective of IT spending across the Civil Service I would think.

DublinWriter

DublinWriter wrote: »

Nope.

a) Just invest in a proper CMS and don't have your 'crown-jewels' out in open network shares.

b) Configure your Exchange server (other alternatives are available) not to accept emails from untrusted external domains, and especially emails from ones that have an embedded HTML link

It's basic enterprise security policy. My contacts tell me that a centralised IT Change and Risk Management function was not in place in the HSE and that they were still operating like the individual pre-HSE Health Boards.

But from what I'm hearing so far is that the issues were far more basic - they weren't even backing up and off-lining back up data, still using XP clients and using MS Access to store data.

I don't think it was a sophisticated hack at all - more like a brick through a window.

I dont know where youre getting your information but it's wrong.

TomOnBoard

Keyzer wrote: »

He should be careful what he says.

He was HSE Director until 2018, not too long ago. I'd imagine a lot of what's there now was there on his watch.

Why should he be careful? If its the truth, fair play to him for calling it out!

DublinWriter

kippy wrote: »

As a matter of interest have you worked in an IT Infrastructure in a similiar organisation in the past?

Yes, and your point is?

kippy

DublinWriter wrote: »

Nope.

a) Just invest in a proper CMS and don't have your 'crown-jewels' out in open network shares.

b) Configure your Exchange server (other alternatives are available) not to accept emails from untrusted external domains, and especially emails from ones that have an embedded HTML link

It's basic enterprise security policy. My contacts tell me that a centralised IT Change and Risk Management function was not in place in the HSE and that they were still operating like the individual pre-HSE Health Boards.

But from what I'm hearing so far is that the issues were far more basic - they weren't even backing up and off-lining back up data, still using XP clients and using MS Access to store data.

I don't think it was a sophisticated hack at all - more like a brick through a window.

You think the HSE use access databases as it's primary CMS solution?
That says more about you than the HSE tbh

As far as the email side goes, I can say with certainty the HSE have various filters rules and third party software in place to reduce the incidence of phishing and high risk mails that make to to the inbox of its users.
To suggest they don't again says more about you than the HSE again.

MrMusician18

TomOnBoard wrote: »

Why should he be careful? If its the truth, fair play to him for calling it out!

He would hardly be blameless himself for this situation if he only stepped down three years ago.

TomOnBoard

DublinWriter wrote: »

Nope.

a) Just invest in a proper CMS and don't have your 'crown-jewels' out in open network shares.

b) Configure your Exchange server (other alternatives are available) not to accept emails from untrusted external domains, and especially emails from ones that have an embedded HTML link

It's basic enterprise security policy. My contacts tell me that a centralised IT Change and Risk Management function was not in place in the HSE and that they were still operating like the individual pre-HSE Health Boards.

But from what I'm hearing so far is that the issues were far more basic - they weren't even backing up and off-lining back up data, still using XP clients and using MS Access to store data.

I don't think it was a sophisticated hack at all - more like a brick through a window.

You need to make more knowledgeable contacts! This is a total load of bollox!

TomOnBoard

MrMusician18 wrote: »

He would hardly be blameless himself for this situation if he only stepped down three years ago.

Again, if he's telling the truth, then fair play to him for saying it, even when it may reflect badly on himself!

Turtwig

TomOnBoard wrote: »

Why should he be careful? If its the truth, fair play to him for calling it out!

Calling out something he had decision making responsibility for?

If it is found the infrastructure was inadequate and during his years of service no reasonable actions were taken to address it he'd be someone responsible for it.