
Ransomware & HSE


Comments

  • Registered Users Posts: 18,602 ✭✭✭✭kippy


    Turtwig wrote: »
    Calling out something he had decision making responsibility for?

    If it is found the infrastructure was inadequate and during his years of service no reasonable actions were taken to address it he'd be someone responsible for it.

    It's likely something was done on the basis of an audit or report. Who is to say whether it was enough or not?
    Again without a lot of details it is impossible to say.


  • Registered Users Posts: 26,578 ✭✭✭✭Turtwig


    kippy wrote: »
    It's likely something was done on the basis of an audit or report. Who is to say whether it was enough or not?
    Again without a lot of details it is impossible to say.

    Agreed. We don't know enough yet. Someone said it best earlier to approach it like an air accident investigation for the purposes of learning and preventing rather than blame.

    Find it scary the certainty of conviction some people have over what happened it, why and who's responsible!


  • Registered Users Posts: 9,557 ✭✭✭DublinWriter


    kippy wrote: »
    You think the HSE use access databases as its primary CMS solution?

    I never said that. Maybe you need to give your head a wobble if you're confusing CMS with CRM.


  • Registered Users Posts: 9,557 ✭✭✭DublinWriter


    TomOnBoard wrote: »
    You need to make more knowledgeable contacts! This is a total load of bollox!

    Oh really? The HSE have declared that they have over 2,000 client facing systems. That's not even the total.

    Maybe you can enlighten us with your obviously superior knowledge?


  • Registered Users Posts: 9,557 ✭✭✭DublinWriter


    kippy wrote: »
    As far as the email side goes, I can say with certainty the HSE have various filters rules and third party software in place to reduce the incidence of phishing and high risk mails

    Well, that obviously failed.


  • Registered Users Posts: 5,112 ✭✭✭Blowfish


    Well, that obviously failed.
    How do you know that email was the entrypoint? It hasn't been released anywhere I've seen.


  • Registered Users Posts: 3,337 ✭✭✭Wombatman


    So it was detected in the Department of Health but not by the HSE.
    Malicious activity was detected on the Department of Health’s network early on Friday morning, but an attempt to execute ransomware was “detected and stopped” due to anti-virus software and the deployment of anti-attack tools early in the investigation process.

    I wonder what factors lead to one detecting and the other not. Luck, or lack of it, can sometimes be the deciding factor to TBF.

    The Dept. of Health did well to detect an alleged "zero-day" attack. :rolleyes:

    https://www.irishtimes.com/news/health/department-of-health-hit-by-cyberattack-similar-to-that-on-hse-1.4566541


  • Registered Users Posts: 5,120 ✭✭✭TomOnBoard


    Turtwig wrote: »
    Calling out something he had decision making responsibility for?

    If it is found the infrastructure was inadequate and during his years of service no reasonable actions were taken to address it he'd be someone responsible for it.

    Exactly... IF!

    And then a whole ****load of actors who are involved in any decision-making processes that gave rise to not resolving such inadequacies will get their turn in the barrel. This will include those in HSE, and those in Central Government who are heavily involved in approving funds and numbers (or not approving them) before the HSE gets a penny.

    This is a public health system, mostly funded by the Exchequer that must compete every year for funds to provide the services we receive.

    Tony O'Brien may well have sought additional funding over the years of his tenure, but if he didn't get such funding, how can he be considered to have been THE decision-maker?


  • Registered Users Posts: 5,120 ✭✭✭TomOnBoard


    Oh really? The HSE have declared that they have over 2,000 client facing systems. That's not even the total.

    Maybe you can enlighten us with your obviously superior knowledge?

    You said: (and I'm adding the words in parentheses to break your statement down into its parts)

    "But from what I'm hearing so far is that the issues were far more basic -

    they weren't even backing up
    and
    (weren't even) off-lining back up data,
    (were) still using XP clients and
    (were) using MS Access to store data."

    THAT was the load of bollox to which I referred!


  • Registered Users Posts: 3,337 ✭✭✭Wombatman


    TomOnBoard wrote: »
    You said: (and I'm adding the words in parentheses to break your statement down into its parts)

    "But from what I'm hearing so far is that the issues were far more basic -

    they weren't even backing up
    and
    (weren't even) off-lining back up data,
    (were) still using XP clients and
    (were) using MS Access to store data."

    THAT was the load of bollox to which I referred!

    In all probability all those statements are true to some degree for what it's worth.


  • Registered Users Posts: 1,798 ✭✭✭Rezident


    Turk 182 wrote: »
    It was such an awful time for this to happen with the predicament we're in with covid already. Hopefully it won't take too long to rectify but I don't know, maybe they should just pay the ransom.


    No. Do not pay the ransom. Work through it as best we can and learn from this so it does not happen again.

    If you pay the ransom, you are inviting every hacking group on the planet to target us, and they will. If we do not pay, it is not worth their while. They can post all my medical records online, but do not pay them a cent, ever.


    Take your time and find them, the truth always comes out in the end, and send the Rangers in to deal with them.


  • Registered Users Posts: 9,557 ✭✭✭DublinWriter


    TomOnBoard wrote: »
    You said: (and I'm adding the words in parentheses to break your statement down into its parts)

    "But from what I'm hearing so far is that the issues were far more basic -

    they weren't even backing up
    and
    (weren't even) off-lining back up data,
    (were) still using XP clients and
    (were) using MS Access to store data."

    THAT was the load of bollox to which I referred!
    Well wait for the final audit report which may or may not come out next year.

    I've several ICT contacts and colleagues working in the HSE.

    Not really interested in getting involved with the usual willy-waving competition that happens on here, save it for TikTok dude.


  • Registered Users Posts: 5,120 ✭✭✭TomOnBoard


    Wombatman wrote: »
    So it was detected in the Department of Health but not by the HSE.



    I wonder what factors lead to one detecting and the other not. Luck, or lack of it, can sometimes be the deciding factor to TBF.

    The Dept. of Health did well to detect an alleged "zero-day" attack. :rolleyes:

    https://www.irishtimes.com/news/health/department-of-health-hit-by-cyberattack-similar-to-that-on-hse-1.4566541

    However, that article adds to my sense of confusion about the timeline here..

    "The Department of Health said in a statement that it “can confirm that late last week it was subject to a ransomware attack similar to the attack on the HSE. Since Thursday we have been working to respond to this incident."

    and

    "A spokesperson for the Department of the Environment, Climate and Communications said that the National Cyber Security Centre (NCSC) became aware on Thursday of an attempted cyber attack on the Department of Health."

    and

    "The NCSC had been made aware on Thursday afternoon of potential suspicious activity on the Department’s network. “Preliminary investigations indicated suspected presence of cobalt strike Beacon, which is a remote access tool,” it said."

    It's been reported that the ransomware attack was first spotted in the Rotunda during early hours of Friday. But, as the Dept. of Health and NCSC were already involved on Thursday, had the encryption already happened on the HSE's systems? Or, if HSE was still operational, and the encryption had not yet kicked in, did anyone alert them as to the presence of the threat in the Dept. of Health?

    Somewhere down the line, that timeline will need to be fully understood for very obvious reasons.


  • Registered Users Posts: 21,055 ✭✭✭✭Ash.J.Williams


    kippy wrote: »
    As a matter of interest have you worked in an IT Infrastructure in a similar organisation in the past?

    From the sounds of it no


  • Registered Users Posts: 24,200 ✭✭✭✭Larbre34


    I'm beginning to think that there should be no independent State IT systems that aren't overseen by a cyber affairs agency or department, one that takes control of security, networks and systems matters for all State bodies at the highest level and who operate at the cutting edge of counteracting this sort of nefarious stuff.


  • Moderators, Politics Moderators Posts: 39,894 Mod ✭✭✭✭Seth Brundle


    Larbre34 wrote: »
    I'm beginning to think that there should be no independent State IT systems that aren't overseen by a cyber affairs agency or department, one that takes control of security, networks and systems matters for all State bodies at the highest level and who operate at the cutting edge of counteracting this sort of nefarious stuff.
    Centralise all of the government IT systems?


  • Registered Users Posts: 1,391 ✭✭✭dublin49


    would imagine if we pay all or part of ransom it will be on the basis of secrecy and we will continue to hear nothing was paid. I am sure the gangsters won't mind and payments may be made by a third party "consultant".


  • Registered Users Posts: 4,935 ✭✭✭fly_agaric


    Larbre34 wrote: »
    I'm beginning to think that there should be no independent State IT systems that aren't overseen by a cyber affairs agency or department, one that takes control of security, networks and systems matters for all State bodies at the highest level and who operate at the cutting edge of counteracting this sort of nefarious stuff.

    Don't know exactly what we (Ireland) have now + what it does (that "National Cybersecurity Centre"?) but you'd imagine the role more as advising on best practices and auditing what the public sector are doing/rapping on knuckles if it is vulnerable rather than "directing" or "overseeing"/"controlling" as such.

    Helping out/advising with the response to/investigation of such attacks if or when they are successful (or just particularly dangerous/determined?) and even being proactive too and hacking back is also what I'd see as the work of something like that.

    As posted before IMO, it really seems like part of defense/security of the country (so Dept. of Defense/the military) rather than aspect of normal IT operations of the Civil service/state bodies etc.


  • Registered Users Posts: 13,186 ✭✭✭✭jmayo


    storker wrote: »
    Maybe when the Israelis get finished in Gaza... :D

    In all seriousness, the world needs to start treating hacks like this as acts of war/terrorism. I'm not saying a military response, but it might help to send a message that there's a price to be paid for facilitating/protecting/encouraging/enabling these scum.

    I would say if the Israeli health service was hit they would exact retribution.

    The West has gotten soft.
    The leaders spend more time pandering to eejits on social media than actually doing what is right for their citizens and long term good.

    Worse still the US elected a numbnuts that basically apologised to Putin for US services investigating Russia's involvement in hacking an election.
    Well he had benefited so I suppose he couldn't do otherwise.

    How any patriotic American could vote for him is mind boggling and shows how stupid most of them really are.

    The major players in Western Europe are beholden to Russia for energy when really they should be looking at alternatives.

    I believe the next war is already here and it is being fought in cyberspace.

    And the West is getting its ass handed to it at the moment.

    cnocbui wrote: »
    I think there should be a military response. The Chinese recently hacked the Indian power grid, knocking out swathes of the country. People are said to have died. That is an act of war and I think they should have retaliated militarily. Some level of hot military engagement with China is inevitable, IMO. Might as well get the west together in a coordinated way now and have at them on our terms.

    If you want to hurt China just stop investing there and ordinary people stop buying their shyte.
    Nah consumers want their cheap sh** and corporations want their massive profits and call the shots.

    China was nowhere before we started getting everything made there.

    Turtwig wrote: »
    Calling out something he had decision making responsibility for?

    If it is found the infrastructure was inadequate and during his years of service no reasonable actions were taken to address it he'd be someone responsible for it.

    Would remind one of bertie complaining about the mess made by biffo. :rolleyes:

    I am not allowed discuss …



  • Registered Users Posts: 3,330 ✭✭✭radiospan


    This hacking group seems prolific, they have leaks from attacks on 16 different businesses around the world posted on their site today alone.

    There's a message on top of their site saying "If you are a client who declined the deal and did not find your data on cartel's website or did not find valuable files, this does not mean that we forgot about you, it only means that data was sold and only therefore it did not publish in free access"


  • Registered Users Posts: 9,454 ✭✭✭mloc123


    radiospan wrote: »
    This hacking group seems prolific, they have leaks from attacks on 16 different businesses around the world posted on their site today alone.

    what is their website?


  • Posts: 0 [Deleted User]


    dublin49 wrote: »
    would imagine if we pay all or part of ransom it will be on the basis of secrecy and we will continue to hear nothing was paid. I am sure the gangsters won't mind and payments may be made by a third party "consultant".
    Not a chance of that happening, there's gonna be so many freedom of information requests on this.


  • Registered Users Posts: 10,234 ✭✭✭✭Hurrache


    radiospan wrote: »
    This hacking group seems prolific, they have leaks from attacks on 16 different businesses around the world posted on their site today alone.

    There's a message on top of their site saying "If you are a client who declined the deal and did not find your data on cartel's website or did not find valuable files, this does not mean that we forgot about you, it only means that data was sold and only therefore it did not publish in free access"

    It can't be verified as to its authenticity. It's all heavily redacted so could as easily be bluffs.


  • Registered Users Posts: 24,200 ✭✭✭✭Larbre34


    Centralise all of the government IT systems?

    Not literally. Silo them all appropriately of course, but have the standards and security oversight be managed by an agency whose job is to procure and secure, who gets to approve what is being built and bought at local level, who has an expert staff to put the highest standards of every aspect of State ICT and data.

    Yes we have the NCSC, but that's tiny and reactive. Use it as a starting point, by all means, but nothing less than the reputation of this State as a leading global IT player and a best practice manager of data relies on them having budget, expertise and teeth.


  • Registered Users Posts: 7,422 ✭✭✭MrMusician18


    Not a chance of that happening, there's gonna be so many freedom of information requests on this.

    Freedom of information has exemptions for national security.
    Of course there are ways to fund this - and hide it. How do you think the gardai pay informants?


  • Registered Users Posts: 9,557 ✭✭✭DublinWriter


    Blowfish wrote: »
    How do you know that email was the entrypoint? It hasn't been released anywhere I've seen.
    It was via email, but would be interested in hearing your learned opinion.


  • Registered Users Posts: 9,454 ✭✭✭mloc123


    It was via email

    Has that actually been confirmed or "conti is always via email"?


  • Registered Users Posts: 16,583 ✭✭✭✭Galwayguy35


    Hospital rang me today to say my appointment for tomorrow was still on, guess I'm one of the lucky ones.


  • Registered Users Posts: 8,208 ✭✭✭saabsaab


    A mention was made on the news about 'working with trusted criminals'! An oxymoron if there ever was one.


  • Registered Users Posts: 1,259 ✭✭✭él statutorio


    Were there backups in place or were they encrypted too?

