
Ransomware & HSE


Comments

  • Moderators, Recreation & Hobbies Moderators Posts: 11,524 Mod ✭✭✭✭igCorcaigh


    520 records leaked last week.

    Appears to be the initial sample data set leaked to prove that the attackers were serious.

    Can we expect more data release so?


  • Banned (with Prison Access) Posts: 989 ✭✭✭ineedeuro


    igCorcaigh wrote: »
    Can we expect more data release so?

    At this stage the HSE know what data they have, they should be telling the public but instead they are hiding.

    They would have known since last week the data was released yet they wait a week to tell everyone.
    It's a cover up job. Disgraceful


  • Registered Users Posts: 3,826 ✭✭✭monkeybutter


    ineedeuro wrote: »
    At this stage the HSE know what data they have, they should be telling the public but instead they are hiding.

    They would have known since last week the data was released yet they wait a week to tell everyone.
    It's a cover up job. Disgraceful




    They should release all the data themselves first, booom


  • Registered Users Posts: 7,417 ✭✭✭MrMusician18


    igCorcaigh wrote: »
    Can we expect more data release so?

    Nothing to base this on but my gut feeling but I'd put it at a 90% chance there's more to come over the weeks and months as it's likely that the data has been sold on.

    The other 10% chance is that the criminals have been leaned on politically and have simply decided that the HSE are not worth the heat and have moved on. Or the ransom was paid (I know the government has strenuously insisted that it wasn't).

    This leak though gives us no indication either way as this was out there initially to ramp pressure on government before the criminals mysteriously and voluntarily handed over the keys. And before the dump deadline passed.


  • Registered Users Posts: 8,239 ✭✭✭Pussyhands


    RTE really are a disgrace. How can anyone wonder why people are losing trust in the media and turning to their own sources?

    They had a new story today that HSE data was leaked on the dark net.

    But when it comes to it, it was only a confirmation that the sample released last week that everyone took as being real, was in fact real data.

    We've been hearing the last number of days "there is no sign that HSE data has been posted to the dark net". Today we're told HSE data has been leaked. So I wonder how many people are out there thinking this is new data, and not just data released last week.


  • Posts: 0 [Deleted User]


    ineedeuro wrote: »
    It's a shambles the whole thing. But sure people here will tell you that nobody is to blame :-)

    Oh somebody is definitely to blame.

    That organisation is an utter shambles at strategic and tactical level.

    Those operational and front line staff are real heroes and it's absolutely awful they have to work under such self serving clueless stone age buffoons. No doubt many pen pushers have given themselves pay rises over the years at the expense of Infosec and paying frontline staff a decent wage.

    Same somebody is likely so protected they don't even realise they are at fault for this.


  • Registered Users Posts: 81,220 ✭✭✭✭biko


    Bad, bad, feckers releasing the patient data.
    It was always going to happen.
    They must leak it to keep their next victims paying.

    This group is criminal and should be jailed for extortion and life endangerment in a Russian dungeon in some Gulag.


  • Registered Users Posts: 35,074 ✭✭✭✭Hotblack Desiato


    No doubt many pen pushers have given themselves pay rises over the years at the expense of Infosec and paying frontline staff a decent wage.

    :rolleyes:

    The only people in the public sector who can award themselves (or anyone else) a pay rise are politicians.

    © 1982 Sinclair Research Ltd



  • Banned (with Prison Access) Posts: 989 ✭✭✭ineedeuro


    :rolleyes:

    The only people in the public sector who can award themselves (or anyone else) a pay rise are politicians.

    They can provide themselves and others promotions which push up wages....


  • Registered Users Posts: 745 ✭✭✭ClosedAccountFuzzy


    This is what happens though when you see IT as nothing but an overhead. It’s highly dangerous to pursue eHealth systems without adequate infrastructure.

    Also a huge amount of this stuff could probably be simplified these days by using cloud based services and getting rid of most of the local stuff entirely.

    I would guess they’ve inherited a total mess of systems. I read a reference somewhere in a news report from a few years ago that they were trying to integrate 57 different systems at one stage.

    A huge upgrade of the HSE could easily cost a billion plus though when you look at the likes of say what Bank of Ireland spent upgrading their systems and use that as a benchmark.


  • Banned (with Prison Access) Posts: 989 ✭✭✭ineedeuro


    This is what happens though when you see IT as nothing but an overhead. It’s highly dangerous to pursue eHealth systems without adequate infrastructure.

    Also a huge amount of this stuff could probably be simplified these days by using cloud based services and getting rid of most of the local stuff entirely.

    I would guess they’ve inherited a total mess of systems. I read a reference somewhere in a news report from a few years ago that they were trying to integrate 57 different systems at one stage.

    A huge upgrade of the HSE could easily cost a billion plus though when you look at the likes of say what Bank of Ireland spent upgrading their systems and use that as a benchmark.

    Why are you using BOI as some sort of reference, it isn’t. They are completely different systems with completely different requirements, regulations etc

    The cost of replacing a core banking system has zero relevance to a health system


  • Registered Users Posts: 426 ✭✭Shane Fitz


    ineedeuro wrote: »
    Why are you using BOI as some sort of reference, it isn’t. They are completely different systems with completely different requirements, regulations etc

    The cost of replacing a core banking system has zero relevance to a health system

    What would you reference it against?


  • Registered Users Posts: 5,141 ✭✭✭rom


    It's not particularly professional to be posting about what you're seeing through work on a public forum tbh.

    Sorry 100% agree - very unprofessional and as they did it at 12:30 on a Friday.
    So someone in the HSE goes humm who did we ask for such services last week.
    Oh that would be X Ltd.
    Hi X Ltd CEO can you have the following investigated please as you are going to lose this and any future HSE contracts as a result if not.
    CEO requested an investigation.
    Someone checks the proxy logs on who was accessing boards.ie at 12:30 on a Friday leaking sensitive details of an ongoing work contract.
    They call said person into office and ask about their recent use of boards and would they like to say anything. They spill the beans or X Ltd goes back and builds a better case with all the URLs etc. that the person was accessing. This time it is hard to deny.
    They are marched out the door to work out their notice at home because they are a security and risk. Also they may have caused X Ltd to lose a big contract.

    If I worked for the HSE (which 100k people do) then they would probably be reading that and have it reported already.

    Using Virtue signalling, Ok boomer or whatever is the new catch all phrase won't save their job.


  • Registered Users Posts: 745 ✭✭✭ClosedAccountFuzzy


    ineedeuro wrote: »
    Why are you using BOI as some sort of reference, it isn’t. They are completely different systems with completely different requirements, regulations etc

    The cost of replacing a core banking system has zero relevance to a health system

    Right…


  • Registered Users Posts: 2,903 ✭✭✭cadaliac


    This is what happens though when you see IT as nothing but an overhead. It’s highly dangerous to pursue eHealth systems without adequate infrastructure.

    Also a huge amount of this stuff could probably be simplified these days by using cloud based services and getting rid of most of the local stuff entirely.

    .

    Nobody thinks of the IT department as an overhead. That changed years ago.
    All companies now (including state bodies) are migrating toward cloud.


  • Registered Users Posts: 745 ✭✭✭ClosedAccountFuzzy


    cadaliac wrote: »
    Nobody thinks of the IT department as an overhead. That changed years ago.
    All companies now (including state bodies) are migrating toward cloud.

    Bodies that are driven by politics and politicians tend to, when a project is not seen as having any tangible and immediately obvious benefit budgets don’t get allocated.

    The public sector, particularly in a high spend area like health isn’t a business. Everything they do is coming from the public purse and is subject to a very different type of scrutiny to a company.

    You see it throughout areas where there’s direct political control of budgets.

    For example we have huge issues with water and sewage infrastructure because councils didn’t want to spend money on invisible infrastructure and other things kept being prioritised.

    There’s relatively weak understanding of the risks and importance of IT systems and if they work, you’ll get decisions made to not fund upgrades.


  • Registered Users Posts: 81,220 ✭✭✭✭biko


    cadaliac wrote: »
    All companies now (including state bodies) are migrating toward cloud.

    This in itself is good and bad.

    The cloud is just someone else's computer, and you are betting big on them being better at security than you.

    These cloud providers are usually really good at security, but if there is an exploit it means everyone using the same provider is vulnerable.

    One example is leaked celeb nude photos that were hacked from iCloud. Without iCloud many of those images would not have been stolen.
    If you break the cloud you have access to much more than if you have to hack one computer at a time.

    If you use inhouse servers you need to pay for staff, server rooms, cooling etc etc. It's more expensive and the benefits are small.


  • Registered Users Posts: 81,220 ✭✭✭✭biko


    I know some fecker is going to ignore the rest of that post ^^ and focus on "nude celebs" :D


  • Banned (with Prison Access) Posts: 989 ✭✭✭ineedeuro


    Shane Fitz wrote: »
    What would you reference it against?

    Maybe look at what the NHS done?
    They had a ransomware attack and implemented changes since. The HSE should already have used that as a reference point but they certainly should now


  • Banned (with Prison Access) Posts: 989 ✭✭✭ineedeuro


    cadaliac wrote: »
    Nobody thinks of the IT department as an overhead. That changed years ago.
    All companies now (including state bodies) are migrating toward cloud.

    No they are not. Most companies are looking at hybrid cloud.

    It also doesn’t matter if the HSE system was on site or on cloud if they don’t patch they have the same issue


  • Registered Users Posts: 5,993 ✭✭✭Cordell


    10 or so years ago, happened only to accounts with weak passwords that could be brute forced. No data was lost, no downtime.
    Cloud is not perfect but it's certainly better.


  • Registered Users Posts: 3,337 ✭✭✭Wombatman


    rom wrote: »
    Sorry 100% agree - very unprofessional and as they did it at 12:30 on a Friday.
    So someone in the HSE goes humm who did we ask for such services last week.
    Oh that would be X Ltd.
    Hi X Ltd CEO can you have the following investigated please as you are going to lose this and any future HSE contracts as a result if not.
    CEO requested an investigation.
    Someone checks the proxy logs on who was accessing boards.ie at 12:30 on a Friday leaking sensitive details of an ongoing work contract.
    They call said person into office and ask about their recent use of boards and would they like to say anything. They spill the beans or X Ltd goes back and builds a better case with all the URLs etc. that the person was accessing. This time it is hard to deny.
    They are marched out the door to work out their notice at home because they are a security and risk. Also they may have caused X Ltd to lose a big contract.

    If I worked for the HSE (which 100k people do) then they would probably be reading that and have it reported already.

    Using Virtue signalling, Ok boomer or whatever is the new catch all phrase won't save their job.

    Delusional paranoia. I really hope you don't see the real world working like this. What sensitive details were 'leaked' for goodness sake?

    Every dog on the street knew IT in the HSE was a chronic mess before this event even happened.

    The 'offending' poster said "I cannot go into to much details for obvious reasons" because they were conscious of the need for confidentiality.

    I'm happy the poster is calling a spade a spade. I get a real 'Emperor's New Clothes' vibe off some in this thread, who won't have a bad word said about the HSE.

    The most vulnerable are victims because they are the most vulnerable. I don't see this as victim blaming in the context of Cybersecurity.

    Calling out negligence and looking for accountability shouldn't be avoided or suppressed.


  • Registered Users Posts: 7,658 ✭✭✭Floppybits


    ineedeuro wrote: »
    No they are not. Most companies are looking at hybrid cloud.

    It also doesn’t matter if the HSE system was on site or on cloud if they don’t patch they have the same issue

    If you are not upgrading your server/network security regularly then you are leaving yourself open to this sort of attack. I know I shouldn't but I can't believe that they were still using Windows 7 in the HSE, hopefully their servers were using more up to date operating systems.

    There was a time when IT was a headache for companies and it seen companies outsource their IT departments, which I thought was nuts at the time but hey it brought in savings even though it was very short sighted and outsourcing ended up costing the companies more. Cloud is the new outsourcing, it does have its benefits as it gives companies the flexibility to scale up and down as they need quickly and easily rather than having to wait for a new server to be procured, delivered, installed and then set up, you can have a new one done up and running in less than an hour. The only thing is that all your data and applications are going to be hosted outside your company.


  • Registered Users Posts: 536 ✭✭✭mrjoneill


    ineedeuro wrote: »
    No they are not. Most companies are looking at hybrid cloud.

    It also doesn’t matter if the HSE system was on site or on cloud if they don’t patch they have the same issue

    Wonder do the banks use "hybrid cloud", I doubt very much they do. I would imagine they manage their own data centre and central to this is securing it from the constant attacks it is likely under. HSE was different in security as it was their data that needed protection from a ransom type attack that happened. I would imagine the HSE system informally grew by the adding of new systems and networks. Such left them really exposed and I would think with such a sys security was not to the foremost but keeping it running.


  • Registered Users Posts: 35,074 ✭✭✭✭Hotblack Desiato


    ineedeuro wrote: »
    They can provide themselves and others promotions which push up wages....

    Which is (a) bollocks and (b) not what the other poster said.

    © 1982 Sinclair Research Ltd



  • Registered Users Posts: 23,246 ✭✭✭✭Dyr


    biko wrote: »
    The cloud is just someone else's computer, and you are betting big on them being better at security than you.

    These cloud providers are usually really good at security, but if there is an exploit it means everyone using the same provider is vulnerable.


    Doesn't matter how secure the vendor's cloud infrastructure is, if you don't have a culture of security first you will still be vulnerable

    And a lot of organisations have a just-get-it-done-now approach to IT projects which guarantees poor security practices.


  • Registered Users Posts: 12,262 ✭✭✭✭Flinty997


    cadaliac wrote: »
    Nobody thinks of the IT department as an overhead. That changed years ago.
    All companies now (including state bodies) are migrating toward cloud.

    Not been my experience.
    Even after migrating to the cloud.

    An increasing pattern I see is IT being left out of the loop and then the business goes out outsourcing. They run into problems with the outsourced solution then come back to IT looking for help, who can't because they aren't involved.

    I've actually walked into meetings and been asked why a project is months behind schedule. Only for them to realise they never involved anyone in IT.


  • Registered Users Posts: 2,901 ✭✭✭Van.Bosch


    Where are we at now in terms of HSE systems back up and running? Is it 50%? Do we just work through it bit by bit or are there some issues which can’t be resolved?


  • Registered Users Posts: 2,234 ✭✭✭deandean


    With the press reporting that this could cost the HSE up to €100m to rectify, I wonder if they are taking the opportunity, and the blank cheque they no doubt have, to upgrade to Windows 10?


  • Banned (with Prison Access) Posts: 989 ✭✭✭ineedeuro


    deandean wrote: »
    With the press reporting that this could cost the HSE up to €100m to rectify, I wonder if they are taking the opportunity, and the blank cheque they no doubt have, to upgrade to Windows 10?

    Doesn’t matter what version of Windows they have if they don’t patch

