Ransomware & HSE

Dempo1

€16 million on Health Department PR Last 12 months, less than €5 million on the agency tasked with monitoring cyber crime, go figure

kippy

Dempo1 wrote: »

€16 million on Health Department PR Last 12 months, less than €5 million on the agency tasked with monitoring cyber crime, go figure

Welcome to the world of priorities and indeed the world of changed priorities based on a significant event happening to change those priorities.
If you went to MOST organisations you'd find similiar budgetary disparities between marketing and IT even (never mind security as a seperate budgetary headline.

ixoy

radiospan wrote: »

I think there's a huge misunderstanding in the report here.

How the Conti attacks have unfolded at other companies is:

1. Employee clicks on a dodgy link (to the malware).
2. Malware gets installed, encrypts everything and leaves a plaintext readme.txt file.
3. Computer stops working.
4. Employee finds readme.txt file, which contains a different link (to the negotiation with the hackers)

What everyone has been asking lately is confirmation if step 1 above is truly what happened. This is not what the Journal article confirms.

I know but that's not what I reckon people would take if I was reading the article as a layperson. They'll just see the HSE employee clicked a chat link and the ransomware began and assume it was all down to that employee's actions. There's no explanation in that article that Steps 1 & 2 exist.

J Mysterio

RogerThis wrote: »

The HSE is not a state body.

The HSE absolutely is a state body. The HSE is publicly funded to provide healthcare in Ireland and it's director reports to the Minister of Health, in the Department of Health, it's parent department.

flask_fan

J Mysterio wrote: »

The HSE absolutely is a state body. The HSE is publicly funded to provide healthcare in Ireland and it's director reports to the Minister of Health, in the Department of Health, it's parent department.

It just isn't worth engaging with someone like RogerThis. You're probably chatting with an adolescent.

RogerThis

J Mysterio wrote: »

The HSE absolutely is a state body. The HSE is publicly funded to provide healthcare in Ireland and it's director reports to the Minister of Health, in the Department of Health, it's parent department.

Is a school or a hospital a state body?

Larbre34

RogerThis wrote: »

Is a school or a hospital a state body?

St James', Yes
Blackrock Clinic, No.

Synge Street CBS, Yes
Blackrock College, No.

In other words 90+% of hospitals and national and secondary schools, are indeed State bodies.

RogerThis

flask_fan wrote: »

It just isn't worth engaging with someone like RogerThis. You're probably chatting with an adolescent.

The HSE is not the department of Health. The department of health is a state body. Whereas the HSE is a public body. There is a difference. The HSE would need to take out cyber insurance from the IPB. The department of health would not.

Sierra Oscar

RogerThis wrote: »

The HSE is not a state body.

The HSE was created under the Health Act 2004 and it’s very existence is established on a statutory footing. It exists as a State body as defined under the Act.

The entire organisation is underwritten by the State Claims Agency, is it not?

https://stateclaims.ie/about-our-work/state-indemnity/sca-delegated-authorities

RogerThis

Larbre34 wrote: »

St James', Yes
Blackrock Clinic, No.

Synge Street CBS, Yes
Blackrock College, No.

In other words 90+% of hospitals and national and secondary schools, are indeed State bodies.

Seriouly half of the schools and hositals are own by the church. These are not state body. The Department of Education does not own a load of schools.

RogerThis

Sierra Oscar wrote: »

The HSE was created under the Health Act 2004 and it’s very existence is established on a statutory footing. It exists as a State body as defined under the Act.

The entire organisation is underwritten by the State Claims Agency, is it not?

Why do the IPB exist if the State Claims Agency covers eveything?

IPB Insurance is wholly Irish-owned and is the only indigenous mutual general insurance company in the Irish market. We specialise in bespoke insurance solutions within our core public service, education and health market segments and are now one of the largest liability insurers in the market. An experienced underwriter of major liability, property and motor risks, we insure some of the largest risks in the State in the public sector and complementary markets in the semi-state and private sectors.

flask_fan

RogerThis wrote: »

Why do the IPB exist if the State Claims Agency covers eveything?

Look at who owns IPB.

Turtwig

Beechwoodspark wrote: »

Folks can anyone explain why the hackers “provided” the de encryption key to the hse earlier on?

Why would they do that?

Is it likely a ransom was paid or why did the hackers suddenly give it ?

Ever hear of 'proof of life'?
This is when the kidnappers show the person they've kidnapped and being to held up ransom for their release is still alive. Why would you pay the ransom otherwise.

The key, for want of a better term, is proof of a decryption. Showing the files can actually be decrypted. These files may be under a different encryption to the rest.

Or the attackers may not care. The data is the most valuable asset. They have got this.

Dempo1

RogerThis wrote: »

The HSE is not the department of Health. The department of health is a state body. Whereas the HSE is a public body. There is a difference. The HSE would need to take out cyber insurance from the IPB. The department of health would not.

I suggest you take a look at the organisational chart for the Department of Health, there's a little mention of the HSE

Sierra Oscar

RogerThis wrote: »

Why do the IPB exist if the State Claims Agency covers eveything?

Because there are many private organisations operating in the health sector that require insurance? Private hospitals, voluntary non-profit organisations and so on. There are many organisations working in the health sector that are not part of the HSE or run by the HSE. They may provide services on contract to the HSE, but they aren’t part of the HSE.

The HSE is underwritten by the State Claims Agency.

flask_fan

Turtwig wrote: »

Ever hear of 'proof of life'?
This is when the kidnappers show the person they've kidnapped and being to held up ransom for their release is still alive. Why would you pay the ransom otherwise.

The key, for want of a better term, is proof of a decryption. Showing the files can actually be decrypted. These files may be under a different encryption to the rest.

Or the attackers may not care. The data is the most valuable asset. They have got this.

Why?


We don't know what they've got and 700gb=sqrtfa

RogerThis

Dempo1 wrote: »

I suggest you take a look at the organisational chart for the Department of Health, there's a little mention of the HSE

Does it mention anything about insurance in the org chart?

flask_fan

Sierra Oscar wrote: »

Because there are many private organisations operating in the health sector that require insurance? Private hospitals, voluntary non-profit organisations and so on.

The HSE is underwritten by the State Claims Agency.

You're almost certainly arguing with an adolescent.

Cerveza

flask_fan wrote: »

You're almost certainly arguing with an adolescent.

Indeed old chap.

skimpydoo

Cerveza wrote: »

Indeed old chap.

Roger that

RogerThis

Sierra Oscar wrote: »

Because there are many private organisations operating in the health sector that require insurance? Private hospitals, voluntary non-profit organisations and so on. There are many organisations working in the health sector that are not part of the HSE or run by the HSE. They may provide services on contract to the HSE, but they aren’t part of the HSE.

The HSE is underwritten by the State Claims Agency.

I don't believe that every HSE insurance claim goes State Claims Agency.
But I no way of proving it.

Wombatman

radiospan wrote: »

I think there's a huge misunderstanding in the report here.

How the Conti attacks have unfolded at other companies is:

1. Employee clicks on a dodgy link (to the malware).
2. Malware gets installed, encrypts everything and leaves a plaintext readme.txt file.
3. Computer stops working.
4. Employee finds readme.txt file, which contains a different link (to the negotiation with the hackers)

Point 2 is incorrect. Malware gets installed to allow remote access. Once the hackers have access to the system they may spend weeks-to-months poking around inside an organization’s network before activating their ransomware payload.

Beyond the initial breach the hackers need to access remotely, move latterly, execute software, encrypt and exfiltrate. The bad actor is a human intruder in the main, as opposed to spawning software in the case of a classical virus.

If HSE had cybersecurity team detected any of the activities above, like the Dept. of Health did, they may have been able to prevent the worst effects of the attack.

Dempo1

RogerThis wrote: »

Does it mention anything about insurance in the org chart?

No but better help you understand the HSE part of the Department of health.

So just to clarify insurance before bed time.

State (remember that word) claims agency handles public liability insurance for STATE agencies. Seperately motor, property insurances handled similarly to corporate entities, fleet insurance etc, Government vehicles which include Garda cars, Ambulances, fire engines, even county council vehicles all taxed.

Now, time for bed, night night

MrMusician18

flask_fan wrote: »

Why?


We don't know what they've got and 700gb=sqrtfa

700gb is 475m pages of text files. The thieves almost certainly stole documents and text databases not diagnostic images and video

Sierra Oscar

RogerThis wrote: »

I don't believe that every HSE insurance claim goes State Claims Agency.
But I no way of proving it.

Of course they do. How would it operate otherwise?

State Indemnity

Government Departments and other State agencies, whose claims are delegated for management by the State Claims Agency (SCA), do not have conventional insurance cover. Instead, these State bodies operate under State indemnity, a self-insurance model whereby the State bears the financial risk associated with the costs of claims.

The previous link I already posted clearly shows that the HSE is indemnified by the SCA.

RogerThis

Dempo1 wrote: »

No but better help you understand the HSE part of the Department of health.

So just to clarify insurance before bed time.

State (remember that word) claims agency handles public liability insurance for STATE agencies. Seperately motor, property insurances handled similarly to corporate entities, fleet insurance etc, Government vehicles which include Garda cars, Ambulances, fire engines, even county council vehicles all taxed.

Now, time for bed, night night

Oh, look at this bud
https://www.thejournal.ie/motor-tax-garda-bike-exempt-893459-May2013/

Hibernicis

Its totally O/T but this is a brief summary of how the HSE is insured.

The SCA is not an insurer in the normal sense (it does not charge premiums, it does not operate a reserving policy) its is simply a centralised claims handling body for a large number of state entities (which includes the HSE and other specified Health related entities). All of this operates on the basis of being self insured by the state, i.e. all settled claims are paid by the SCA (NTMA) and charged back to the exchequer. The remit of the SCA is quite specific

1. Under the General Indemnity Scheme, the SCA manages personal injury and third-party property damage claims taken against State bodies covered by the scheme.
2. Under the Clinical Indemnity Scheme, the SCA manages clinical negligence claims taken against healthcare enterprises, hospitals and clinical, nursing and allied healthcare practitioners covered by the scheme.

So the scope of the SCA is limited to personal injury claims, third-party property damage claims and clinical negligence claims where relevant

IPB is an Insurer, and a large one, that operates on a Mutual basis. Its membership is all Local Authorities, all Regional Authorities, all ETBs and specifically the HSE.

So claims against the HSE go in one of two directions, to the SCA for the specific areas that that Agency deals with, and to IPB for anything else for which the HSE is covered.

RogerThis

Sierra Oscar wrote: »

Of course they do. How would it operate otherwise?

State Indemnity



The previous link I already posted clearly shows that the HSE is indemnified by the SCA.

Yes, I understand for the large medical claims, but do you think they cover the like of property insurance for the of Boards of Community & Comprehensive Schools? I just don't think SCA look after everything. eg cyber insurance.

RogerThis

Hibernicis wrote: »

Its totally O/T but this is a brief summary of how the HSE is insured.

The SCA is not an insurer in the normal sense (it does not charge premiums, it does not operate a reserving policy) its is simply a centralised claims handling body for a large number of state entities (which includes the HSE and other specified Health related entities). All of this operates on the basis of being self insured by the state, i.e. all settled claims are paid by the SCA (NTMA) and charged back to the exchequer. The remit of the SCA is quite specific

1. Under the General Indemnity Scheme, the SCA manages personal injury and third-party property damage claims taken against State bodies covered by the scheme.
2. Under the Clinical Indemnity Scheme, the SCA manages clinical negligence claims taken against healthcare enterprises, hospitals and clinical, nursing and allied healthcare practitioners covered by the scheme.

So the scope of the SCA is limited to personal injury claims, third-party property damage claims and clinical negligence claims where relevant

IPB is an Insurer, and a large one, that operates on a Mutual basis. Its membership is all Local Authorities, all Regional Authorities, all ETBs and specifically the HSE.

So claims against the HSE go in one of two directions, to the SCA for the specific areas that that Agency deals with, and to IPB for anything else for which the HSE is covered.

Thanks, you're a wiser man\woman than me.

Hibernicis

It's over 15 pages since anybody mentioned "WINDOWS 7" in this thread.

Is this a record ?