Ransomware & HSE

ineedeuro

Dempo1 wrote: »

Yes I agree it is standard practice by all accounts. Witnessed first hand an A&E with someone during the week, not even xrays could be done, Blood test up to 6 hours. One elderly man was checked on a Sunday, suspected broken arm, xray required, advised to go home and come back in the AM for surgery, arrives back, no one and I mean no one knew who he was, files couldn't be found, no one had information on his case, nothing, 86 years old, travelled to the Midlands from Louth because its orthedpedics. Wild west stuff, I'm not blaming frontline staff but my god it was an eye opener.

It is a disgrace and what is even worse is no answers. Nothing
This is because the HSE and the government know the Irish people are gullible. Feed them a couple of lines and buzz words and they will say nothing.

Just look at this thread, pages of excuses. Yet patient data is floating around the internet at the moment, everyone is been bombarded with calls from scammers, you can't go into a hospital because it doesn't work

Front line workers already stretched to the limit are been asked to continue with no systems, they are the ones getting the abuse from people.

Just a few lines of rubbish every few days. While RTE etc push it as far as possible from the headlines.

This is the HSE & government that had no problem bringing women dying from cancer to court, again another mess but did we see anyone lose a job over that?

ineedeuro

Deleted User wrote: »

Stuxnet did massive damage to Iran's nuclear program. It sat on their network for weeks. Do you think Iran had security controls in place?

Over 10 years ago? in the World of IT hardly relevant is it?
The NHS happened in 2017, what better a reference point for the HSE and make sure it didn't happen here. The NHS are very vocal and have shared loads of information.

ineedeuro

ineedeuro wrote: »

Over 10 years ago? in the World of IT hardly relevant is it?
The NHS happened in 2017, what better a reference point for the HSE and make sure it didn't happen here. The NHS are very vocal and have shared loads of information.

Explain how you or a security professional would go about finding a virus hidden on your laptop or phone right now. To take you seriously, I want to know what you know.

ineedeuro

Deleted User wrote: »

Explain how you or a security professional would go about finding a virus hidden on your laptop or phone right now. To take you seriously, I want to know what you know.

How is FireEye going to find out which systems currently are infected and which are not?
Just because someone has a different opinion doesn't mean you should constantly try to demean them. That's twice now you have tried this "I know more than you" line of questioning.

Dempo1

ineedeuro wrote: »

It is a disgrace and what is even worse is no answers. Nothing
This is because the HSE and the government know the Irish people are gullible. Feed them a couple of lines and buzz words and they will say nothing.

Just look at this thread, pages of excuses. Yet patient data is floating around the internet at the moment, everyone is been bombarded with calls from scammers, you can't go into a hospital because it doesn't work

Front line workers already stretched to the limit are been asked to continue with no systems, they are the ones getting the abuse from people.

Just a few lines of rubbish every few days. While RTE etc push it as far as possible from the headlines.

This is the HSE & government that had no problem bringing women dying from cancer to court, again another mess but did we see anyone lose a job over that?

I hear you, I forgot to mention on the day I was in A&E with a friend, I offered a lift because I was actually in for an MRI, I'd expected it to be cancelled to be honest but no, it went ahead but here's the kicker, whilst I'm a public patient, my scan was being done within the public hospital by a private company on behalf of the HSE (waiting 3 years) and yet in the Hospital radiology department NO SCANS OR MRI"s being done. Now I get the issue re imaging etc but this I believe was extraordinary, admitidly I was told AFTER MRI there will be a delay in results.

seamus

Chris_5339762 wrote: »

I lost some music years ago - just a few hours worth when a hard drive went down.


I have all my files on Onedrive and a backup HDD that I only connect to do a backup. Then a second backup HDD to backup that one.

The only thing I don't have is fireproofing. If the house burns down I'm screwed.

Was discussing this at work yesterday. We have critical backups encrypted and duplicated across a number of cloud providers. In a way that they cannot be changed or deleted. The only way they can be lost is if the cloud provider disappears.

Having a physical backup somewhere as well, seems like a simple failsafe. But when you think about it, it is several million times more likely that physical backup stored in a locked room in our office will be stolen or destroyed, than it is that AWS will be infiltrated in such a way that their distributed data system will be lost.

My advice would be to ditch the physical backup and use something like AWS Glacier Deep Archive. In this you can backup your data in a way that it's absolutely unchangeable. So even if someone goes in and encrypts your onedrive content and you back it up to AWS, your earlier backups are still clean as a whistle. And it costs next to nothing; storing 1TB of data costs about €1/month. You wouldn't use it for accidentally undeleting a single file; you'd have a separate backup for that. But for "oh **** I've lost everything", it's ideal.

ineedeuro

ineedeuro wrote: »

It is a disgrace and what is even worse is no answers. Nothing
This is because the HSE and the government know the Irish people are gullible. Feed them a couple of lines and buzz words and they will say nothing.

Just look at this thread, pages of excuses. Yet patient data is floating around the internet at the moment, everyone is been bombarded with calls from scammers, you can't go into a hospital because it doesn't work

Front line workers already stretched to the limit are been asked to continue with no systems, they are the ones getting the abuse from people.

Just a few lines of rubbish every few days. While RTE etc push it as far as possible from the headlines.

This is the HSE & government that had no problem bringing women dying from cancer to court, again another mess but did we see anyone lose a job over that?

Not pages of excuses, just people who know what they are talking about and the reality of working in I.T.

DublinWriter

biko wrote: »

The cloud is just someone else's computer, and you are betting big on them being better at security than you.

These cloud providers are usually really good at security, but if there is an exploit it means everyone using the same provider is vulnerable.

If I only had a Euro for every 'exec' who comes back after a vendor-presentation who cries "we must move to the cloud!"

It's complete BS. As CIO it's up to you to know who in your ICT Section has access to sensitive data. You can't vouch to this with cloud-outsourcing.

ineedeuro

DublinWriter wrote: »

If I only had a Euro for every 'exec' who comes back after a vendor-presentation who cries "we must move to the cloud!"

It's complete BS. As CIO it's up to you to know who in your ICT Section has access to sensitive data. You can't vouch to this with cloud-outsourcing.

Even with your environment in the cloud the security is up to the customer and not the provider.

Moving ot the cloud does not mean suddenly the environment is secure and no need for a security team. It just means you now need to secure the environment in the cloud while probably still trying to secure your DC's.

I know that and I don't even work in I.T according to this thread

"While AWS manages security of the cloud, security in the cloud is the responsibility of the customer. Security teams need to understand their part in the shared responsibility model, where customers retain control of what security they choose to implement to protect their own content, platform, applications, systems, and networks, no differently than they would for applications in an onsite data center."

ineedeuro

Heard this today from someone who was cancelled an appointment in children hospital.

https://www.rte.ie/news/health/2021/0602/1225526-cyber-children-hospitals/

Then below that is information on Letterkenny hospital is also crippled

limnam

If the HSE do things right.

It really could be the year of the Linux desktop :pac:

kippy

limnam wrote: »

If the HSE do things right.

It really could be the year of the Linux desktop :pac:

You think things are in chaos now?

plodder

ineedeuro wrote: »

Even with your environment in the cloud the security is up to the customer and not the provider.

Moving ot the cloud does not mean suddenly the environment is secure and no need for a security team. It just means you now need to secure the environment in the cloud while probably still trying to secure your DC's.

I know that and I don't even work in I.T according to this thread

"While AWS manages security of the cloud, security in the cloud is the responsibility of the customer. Security teams need to understand their part in the shared responsibility model, where customers retain control of what security they choose to implement to protect their own content, platform, applications, systems, and networks, no differently than they would for applications in an onsite data center."

I think the HSE has had a policy of shifting towards the cloud for a while now. So, security is not the big reason for it.

But, you know the way things normally go. Before the HSE, we could all see the downside of the regional health boards. Now we have the HSE, we can all see the downside of centralised control (and of course centralised data networks). Hence, all the calls you hear for the HSE to be "abolished". Everyone sees the disadvantages of what is being done, not so much the benefits, or the disadvantages of the other way of doing things.

crazy 88

limnam wrote: »

If the HSE do things right.

It really could be the year of the Linux desktop :pac:

The vast majority of the specialised medical software they use wouldn't be available for Linux

crazy 88

"The cyberattack on the health service has 'destroyed the IT system' the HSE’s group head for acute hospitals said today, warning that a 'complete rebuild' was required."

https://www.irishexaminer.com/news/arid-40304705.html

What happened to the decryption key the hackers provided that the HSE successfully tested??

Cordell

A complete rebuild is required even after you successfully decrypt the data, the system is still compromised.

Think about it this way: you're coming home and you find your lock changed. Even if the one that changed the lock gives you the key and you can finally enter your home, your door is still compromised.

Gregor Samsa

crazy 88 wrote: »

What happened to the decryption key the hackers provided that the HSE successfully tested??

There isn't just one encryption key. Each file is encrypted with a separate key. So even if you get the keys, it takes ages to run though all the files and decrypt them. But that only gives you your data back (which you can often get back quicker from offline backups), and there's more to Conti than just encrypting your files. It makes loads of changes to your systems to allow it to do what it does, prevent it from being detected, allow it to use multiple CPU threads so it can work faster, etc. All of this has to be undone too - and the easiest and quickest way can often be to just wipe it all and rebuild from scratch.

FishOnABike

crazy 88 wrote: »

"The cyberattack on the health service has 'destroyed the IT system' the HSE’s group head for acute hospitals said today, warning that a 'complete rebuild' was required."

https://www.irishexaminer.com/news/arid-40304705.html

What happened to the decryption key the hackers provided that the HSE successfully tested??

Even if it did work 100% the result would be a system which you know is compromised in some way but cannot be certain what other potential malware has been left on the system. It often would be easier and better to reinstall a system from scratch than rely on a potentially compromised restoration.

ineedeuro

plodder wrote: »

I think the HSE has had a policy of shifting towards the cloud for a while now. So, security is not the big reason for it.

But, you know the way things normally go. Before the HSE, we could all see the downside of the regional health boards. Now we have the HSE, we can all see the downside of centralised control (and of course centralised data networks). Hence, all the calls you hear for the HSE to be "abolished". Everyone sees the disadvantages of what is being done, not so much the benefits, or the disadvantages of the other way of doing things.

I don't see the downside of centralised control. The HSE as an idea makes sense.

hmmm

seamus wrote: »

Having a physical backup somewhere as well, seems like a simple failsafe. But when you think about it, it is several million times more likely that physical backup stored in a locked room in our office will be stolen or destroyed, than it is that AWS will be infiltrated in such a way that their distributed data system will be lost.

I'm old school on this, nothing beats the comfort of a physical tape sitting in offsite storage.

In saying that, I agree that cloud storage is an excellent alternative and probably the right choice for companies who have never had physical backups, but you do have to ensure everything is properly configured, and you need to be very careful to control access to the cloud account. I haven't looked at Glacier much, but I'd be interested to know what someone with root access to the account could do. A physical tape has fewer failure scenarios.

ineedeuro

hmmm wrote: »

I'm old school on this, nothing beats the comfort of a physical tape sitting in offsite storage.

In saying that, I agree that cloud storage is an excellent alternative and probably the right choice for companies who have never had physical backups, but you do have to ensure everything is properly configured, and you need to be very careful to control access to the cloud account. I haven't looked at Glacier much, but I'd be interested to know what someone with root access to the account could do. A physical tape has fewer failure scenarios.

Last time I checked a cloud provider has no guarantee of data while it sits in their cloud. Also they have no SLA's etc to keep your data. If they corrupt all your data then that's your problem, not theirs.

So you go into AWS and find all your backup's have suddenly disappeared well it tough luck. You should have kept multiple back ups. You do of course have to pay more if you want multiple backups. Also if all your backups are corrupt everywhere, tough luck because it ain't AWS fault

plodder

ineedeuro wrote: »

I don't see the downside of centralised control. The HSE as an idea makes sense.

Not saying it doesn't make sense, but the argument for everyone having a hospital on their doorstep no longer works, and local interests aren't happy about that. The benefit of centralised IT can be economies of scale, but the downside may be when something like this happens, when everything is running on the same creaky old network.

Gregor Samsa

For enterprises, cloud services are for providing active services, not for backups. No-one moves a datacenter or app server to AWS and then thinks "grand, Amazon are looking after all that for me". Or at least they definitely shouldn't think that.

For consumers, of course things are a little different. Many cloud services do pitch themselves as backup services, and many people do use them as such. But it's not a "backup" if it's the only place you have your data, which people are increasingly doing (with iCloud, Google Drive, OneDrive, etc). Local copy, cloud copy, another cloud copy with a different provider would probably be enough for most people to mitigate against most risks, with offsite backups on a robust physical medium for the most valuable data worth doing too.

ineedeuro

Gregor Samsa wrote: »

For enterprises, cloud services are for providing active services, not for backups. No-one moves a datacenter or app server to AWS and then thinks "grand, Amazon are looking after all that for me". Or at least they definitely shouldn't think that.

For consumers, of course things are a little different. Many cloud services do pitch themselves as backup services, and many people do use them as such. But it's not a "backup" if it's the only place you have your data, which people are increasingly doing (with iCloud, Google Drive, OneDrive, etc). Local copy, cloud copy, another cloud copy with a different provider would probably be enough for most people to mitigate against most risks, with offsite backups on a robust physical medium for the most valuable data worth doing too.

read back over this thread, plenty of people think if they move to the cloud suddenly all security/backup etc are automatically resolved.

ineedeuro

plodder wrote: »

Not saying it doesn't make sense, but the argument for everyone having a hospital on their doorstep no longer works, and local interests aren't happy about that. The benefit of centralised IT can be economies of scale, but the downside may be when something like this happens, when everything is running on the same creaky old network.

The HSE are coming out now and saying it is old and creaky. We know a few of the hospitals have moved to paperless so as part of that they had huge upgrades done.

At the moment as I have said it is a PR exercise, the HSE are not going to come out and say actually we upgraded loads of system but we just never bothered to patch any of them. Nobody knows what the landscape is so would need that to be confirmed.

Having the latest and greatest network could have just meant the hackers got around quicker.

plodder

ineedeuro wrote: »

The HSE are coming out now and saying it is old and creaky. We know a few of the hospitals have moved to paperless so as part of that they had huge upgrades done.

At the moment as I have said it is a PR exercise, the HSE are not going to come out and say actually we upgraded loads of system but we just never bothered to patch any of them. Nobody knows what the landscape is so would need that to be confirmed.

Having the latest and greatest network could have just meant the hackers got around quicker.

I think their PCs were all being patched (even the Windows 7 ones :pac:)

I don't have any inside knowledge, but I did hear someone on the radio describe their network as basically as being very large and flat, with all different systems thrown in together that didn't need to be. It struck me as something that made sense 20 years ago, but has evolved and grown, and more functionality added to it, because that was the easiest way to do it. But, once an attacker compromises the network, they have access to many different systems.

seamus

hmmm wrote: »

I'm old school on this, nothing beats the comfort of a physical tape sitting in offsite storage.

In saying that, I agree that cloud storage is an excellent alternative and probably the right choice for companies who have never had physical backups, but you do have to ensure everything is properly configured, and you need to be very careful to control access to the cloud account. I haven't looked at Glacier much, but I'd be interested to know what someone with root access to the account could do. A physical tape has fewer failure scenarios.

So Glacier has a specific "lock" facility where you can specify a period of time during which none of your data can be changed or deleted by anyone, even your root account.
It's designed for highly regulated industries that require secure and immutable data, such as solicitors and accountants, but also for DR backups.

The only way your data can come to harm is if someone in AWS manages to delete it or the places it's being stored burn to the ground. Both of which are insanely unlikely.

Microsoft Azure has a similar facility, where they go to pains to explain that your data is stored on devices which are physically disconnected from any servers or networks. So if you request access to it, there's a delay of a few hours to get it back (presumably using some fancy pants robotic arm that grabs your disk and plugs it in).

Wombatman

I pity the IT staff in there. Must be under so much pressure. Hard not to succumb to guilt or being guilt tripped into working crazy hours.

"It completely wiped out over 2,000 systems, which are all having to be rebuilt."

https://www.rte.ie/news/ireland/2021/0603/1225850-cyber-attack/

Now subscribed uploading my own personal files on AWS
It is indeed value for money.

Hibernicis

Wombatman wrote: »

I pity the IT staff in there. Must be under so much pressure. Hard not to succumb to guilt or being guilt tripped into working crazy hours.



https://www.rte.ie/news/ireland/2021/0603/1225850-cyber-attack/

Agree with your comment about the HSE IT staff, they have been left cleaning up the mess. More and more it is looking like a very serious governance failure. The HSE Board & CEO and the DOH need to be held accountable for this.

On the ground update on one large hospital today (CUH). Some significant disparities between that and Reid's comments in the article you linked.