
Ransomware & HSE


Comments

  • Banned (with Prison Access) Posts: 989 ✭✭✭ineedeuro


    They're already outsourced heavily - if an offshore provider submits the most economically advantageous tender, they get the job. You're about 20 years late with your advice.

    So we're back to having to change existing processes to meet additional requirements within a fixed budget. Something's got to give.

    It depends on what they currently have, if they reviewed they could drive efficiencies. You don’t seem to know so I don’t see why you are telling someone they are wrong?


  • Banned (with Prison Access) Posts: 989 ✭✭✭ineedeuro


    No it isn't and no they don't.

    Thanks for clearing that up, so you think companies sign contracts and then don’t bother to review to see if they can reduce costs while increasing the service?


  • Registered Users Posts: 2,744 ✭✭✭marieholmfan


    ineedeuro wrote: »
    Thanks for clearing that up, so you think companies sign contracts and then don’t bother to review to see if they can reduce costs while increasing the service?


    The HSE isn't a company. You are the living embodiment of the Dunning Krueger effect.


  • Banned (with Prison Access) Posts: 989 ✭✭✭ineedeuro


    riclad wrote: »
    So you think we can improve security by employing people in poland or some other low pay country in the eu.
    personal medical data is of value to hackers, and fraudsters.
    I don't think there's 1000s of security professionals in poland waiting to work for the hse.
    What the hse needs to do is get an outside company to audit their security
    systems and practices.
    are they using old passwords, do all users have admin level access on pcs they do not need to use.
    is there user logs kept on all activity on the network.
    are user backups being made every day in order to recover from future hacks
    Is there multiple backups in different locations that are secure from potential hacks.
    so you think that 2 security experts could provide 24/7 cover and control to a network of 80,0000 pcs that are in use every day,
    that contain sensitive personal medical data.
    systems have to be backed up, maintained and updated and medical info entered, eg xray scans
    i don't think the hse could employ 2 people to work more than 10 hours a day under existing eu working hours legislation.
    each hospital and hse building has its own network of pcs in different locations all over the country

    At the moment personal medical data is floating around the dark web.

    In regards to the audit, if you read my previous comments I have said from the start the HSE should already have a security assessment for the last number of years, not doing one now. This will provide the detail you mention so yes I 100% agree


  • Banned (with Prison Access) Posts: 989 ✭✭✭ineedeuro


    The HSE isn't a company. You are the living embodiment of the Dunning Krueger effect.

    The HSE is a company.
    I'm having a discussion and giving my opinion. I’m not saying the HSE have to implement it, we are on boards here not at a strategic HSE meeting, I would hope to have more information to advise at that

    Trying to be condescending to people because you can’t force your own opinion onto them. Not really how boards works is it?


  • Registered Users Posts: 2,744 ✭✭✭marieholmfan


    ineedeuro wrote: »
    The HSE is a company.
    I'm having a discussion and giving my opinion. I’m not saying the HSE have to implement it, we are on boards here not at a strategic HSE meeting, I would hope to have more information to advise at that

    Trying to be condescending to people because you can’t force your own opinion onto them. Not really how boards works is it?

    The HSE isn't a company.


  • Registered Users Posts: 17,066 ✭✭✭✭nullzero


    The HSE isn't a company. You are the living embodiment of the Dunning Krueger effect.

    The irony of the concept that you referenced being spelled differently to what you wrote (it's the Dunning–Kruger effect FYI) is positively belly laugh inducing. Typos aren't typically funny, except in this one exact situation in particular.

    Glazers Out!



  • Registered Users Posts: 9,415 ✭✭✭Cluedo Monopoly


    ineedeuro wrote: »
    At the moment personal medical data is floating around the dark web.

    For the record that rash on my scrotum was an allergic reaction!!

    What are they doing in the Hyacinth House?



  • Registered Users Posts: 2,569 ✭✭✭harringtonp


    Thread is huge now, too big to read back through.

    1) Any good technical articles on how the attack occurred ?

    2) And any good discussion articles on whether or not a ransom was actually paid ?


  • Registered Users Posts: 536 ✭✭✭mrjoneill


    You're looking at the most senior of senior IT management in the HSE there.

    The question is, like the rest of the HSE, was an additional upper-level of management just 'plonked' on top of the original 8-board structure?
    When I was familiar with the HSE and its previous incarnations most of the senior management in charge of IT had absolutely no IT experience. These were civil servants that rose through the ranks. We had the fiasco of PPARS and the HSE Bed Management iSoft purchased software delivery failure. Staff had great fun back then testing viruses that popped up and clicking on email attachments to see if the virus protection caught it.


  • Registered Users Posts: 8,184 ✭✭✭riclad


    I doubt the hse has all the high level security staff they need, the civil service is good at providing stable jobs and union membership etc
    The primary duty of the hse is to provide health care
    It's a semi state body people get promoted based on length of service etc
    It's not a company
    But it can bring in outside security experts to test the security systems and recommend best practices
    Basics are all pcs running up to date software
    Are old pcs running windows 7 etc isolated from the rest of the network
    Is there a comprehensive daily backup plan that's ready
    For the next hacking event
    With a safe restore backup plan that isolates backup
    Servers from the network
    When backups are complete
    In many instances of Microsoft software the default is admin access even though the average user has no need to install software or delete files or access backup servers
    Admins can change the settings to make sure most users can't access backup servers or delete files
    Companies' main business is to make profits and increase the share price
    Companies think in terms of 6months one year plans
    The hse can afford to have a 2. 3 year plan to upgrade the network infrastructure in terms of the most modern safety
    And backup procedures
    Things like user accounts need to be checked
    Eg old user accounts need to be closed down
    Eg if a person leaves the hse or retires


  • Banned (with Prison Access) Posts: 989 ✭✭✭ineedeuro


    riclad wrote: »
    I doubt the hse has all the high level security staff they need, the civil service is good at providing stable jobs and union membership etc
    The primary duty of the hse is to provide health care
    It's a semi state body people get promoted based on length of service etc
    It's not a company
    But it can bring in outside security experts to test the security systems and recommend best practices
    Basics are all pcs running up to date software
    Are old pcs running windows 7 etc isolated from the rest of the network
    Is there a comprehensive daily backup plan that's ready
    For the next hacking event
    With a safe restore backup plan that isolates backup
    Servers from the network
    When backups are complete
    In many instances of Microsoft software the default is admin access even though the average user has no need to install software or delete files or access backup servers
    Admins can change the settings to make sure most users can't access backup servers or delete files
    Companies' main business is to make profits and increase the share price
    Companies think in terms of 6months one year plans
    The hse can afford to have a 2. 3 year plan to upgrade the network infrastructure in terms of the most modern safety
    And backup procedures
    Things like user accounts need to be checked
    Eg old user accounts need to be closed down
    Eg if a person leaves the hse or retires

    The HSE has a huge responsibility for personal data. Yes healthcare provider but they are also keeping record of everybody in ireland health and mental information

    You cannot just ignore that and say it doesn’t matter because the primary function is health. In reality personal data is also a primary function

    If they can’t provide a safe environment for that then serious questions need to be asked


  • Banned (with Prison Access) Posts: 989 ✭✭✭ineedeuro


    Thread is huge now, too big to read back through.

    1) Any good technical articles on how the attack occurred ?

    2) And any good discussion articles on whether or not a ransom was actually paid ?

    No
    And
    No


  • Posts: 5,917 ✭✭✭ [Deleted User]


    riclad wrote: »
    I doubt the hse has all the high level security staff they need, the civil service is good at providing stable jobs and union membership etc
    The primary duty of the hse is to provide health care
    It's a semi state body people get promoted based on length of service etc
    It's not a company
    But it can bring in outside security experts to test the security systems and recommend best practices
    Basics are all pcs running up to date software
    Are old pcs running windows 7 etc isolated from the rest of the network
    Is there a comprehensive daily backup plan that's ready
    For the next hacking event
    With a safe restore backup plan that isolates backup
    Servers from the network
    When backups are complete
    In many instances of Microsoft software the default is admin access even though the average user has no need to install software or delete files or access backup servers
    Admins can change the settings to make sure most users can't access backup servers or delete files
    Companies' main business is to make profits and increase the share price
    Companies think in terms of 6months one year plans
    The hse can afford to have a 2. 3 year plan to upgrade the network infrastructure in terms of the most modern safety
    And backup procedures
    Things like user accounts need to be checked
    Eg old user accounts need to be closed down
    Eg if a person leaves the hse or retires

    They have private contractors from the likes of PFH doing a lot of their I.T. work already


  • Registered Users Posts: 35,074 ✭✭✭✭Hotblack Desiato


    ineedeuro wrote: »
    The "lack of investment" line is coming from who/where? has anything been provided to back that up?

    HSE stated in the media a year or two ago that the reason they were purchasing extended Windows 7 support was because of lack of resources to deploy Windows 10 in time. When you're in a bad place with a lot of legacy problems and not enough resources, just keeping the lights on day to day becomes the first - or only - priority.

    ineedeuro wrote: »
    The problem the HSE has is that other government department stopped this and they didn’t so that means it wasn’t a zero day and why could another “under funded” government department stop it yet the HSE couldn’t?

    The Dept of Health's infrastructure is orders of magnitude smaller and less complex than that of the HSE and the myriad of organisations under its remit.

    ineedeuro wrote: »
    Again I have no problem with public sector. I just know what goes on in it, the “it’s not what you know, it’s who you know” is rife and normally the reason why we have problems like this

    Absolutely talking through your hole here.

    I've been working in the public sector for over 25 years in various organisations and not only did I never hear of any such thing happening, I never met anyone who claimed they had ever heard of any such thing either.

    "Who you know" is indeed rife in Ireland - in the private sector.

    One of my wife's ex-bosses was an incompetent who only kept his job because he used to play rugby with the head of the department. This was in an international financial services company.

    © 1982 Sinclair Research Ltd



  • Registered Users Posts: 2,903 ✭✭✭cadaliac


    This should be re-named the Conjecture thread.

    Reading back over the past few pages - - just an observation and I know this is a discussion thread but jazuz....

    The amount of opinions of what the HSE should and shouldn't do ffs. Or, what people "think" what happened.


  • Posts: 5,917 ✭✭✭ [Deleted User]


    cadaliac wrote: »
    This should be re-named the Conjecture thread.

    Reading back over the past few pages - - just an observation and I know this is a discussion thread but jazuz....

    The amount of opinions of what the HSE should and shouldn't do ffs. Or, what people "think" what happened.

    Same as most threads in CA or any barstool.

    Some people know what x do in other countries but don't/can't provide the evidence to back it up, know it was y because they know what y are like and then it turns out to be x.

    Others offer opinions based on actual knowledge and don't make fanciful claims.

    Others offer opinions and state that it is simply an opinion without specific knowledge of the subject but can/are willing to listen to those that do.


  • Registered Users Posts: 29,114 ✭✭✭✭AndrewJRenko


    ineedeuro wrote: »
    It depends on what they currently have, if they reviewed they could drive efficiencies. You don’t seem to know so I don’t see why you are telling someone they are wrong?

    You can't bring about the kind of transformational change that you are suggesting by shaving a few points off contracts here and there. For a start, it's going to involve end user training, for every one of the 100k end users at the HSE. That's going to cost, and the cost of providing replacement medical staff while all the doctors and nurses are doing their training will be substantial.

    And that's before you even start working with the IT teams and projects.

    But your avoidance of the budget issue exemplifies the dilemma facing the HSE and all public bodies. If they don't things properly, they get blamed for spending too much and taking too long. If they cut corners, they get blamed when things go wrong.

    One might almost get the impression that some people just like moaning.


  • Registered Users Posts: 26,986 ✭✭✭✭Dempo1


    This Thread appears to me more of an IT systems discussion, I just wondered has anyone been impacted medically by this cyber attack. The attack seems to have pretty much gone off the news agenda, what is it now, 4 weeks?

    I managed to get an MRI scan done just after cyber attack (which amazed me) albeit waiting 3 years, and my god it's been like trying to find a fourth secret of Fatima getting results. Now I've my regular endocrinologist appointment next week, already moved to telephone consultation because of Covid-19. I'm required to get specific blood tests done in advance and due to cyber attack, my GP can not do and send bloods for analysis, nor can the Hospital where endocrinologist based do bloods for analysis. Thankfully I'm certainly not critical but blood work seriously important and must be having a serious impact on patients with more serious illnesses than I.

    Is maith an scáthán súil charad.




  • Registered Users Posts: 813 ✭✭✭kathleen37


    Dempo1 wrote: »
    This Thread appears to me more of an IT systems discussion, I just wondered has anyone been impacted medically by this cyber attack. The attack seems to have pretty much gone off the news agenda, what is it now, 4 weeks?

    I managed to get an MRI scan done just after cyber attack (which amazed me) albeit waiting 3 years, and my god it's been like trying to find a fourth secret of Fatima getting results. Now I've my regular endocrinologist appointment next week, already moved to telephone consultation because of Covid-19. I'm required to get specific blood tests done in advance and due to cyber attack, my GP can not do and send bloods for analysis, nor can the Hospital where endocrinologist based do bloods for analysis. Thankfully I'm certainly not critical but blood work seriously important and must be having a serious impact on patients with more serious illnesses than I.

    Yes. This is the real issue. Horrific impact on patients.


  • Registered Users Posts: 26,986 ✭✭✭✭Dempo1


    kathleen37 wrote: »
    Yes. This is the real issue. Horrific impact on patients.

    I'm no IT expert but I've felt from the outset this attack far far worse than being let on about.

    Is maith an scáthán súil charad.




  • Registered Users Posts: 3,330 ✭✭✭radiospan


    Does anyone know if the number of vaccines administered per day has been hit much by this?

    I know the reporting of numbers vaccinated is badly hit, but is it actually affecting the rollout? Seen some graphs online where it seems to show serious impact.


  • Banned (with Prison Access) Posts: 989 ✭✭✭ineedeuro


    radiospan wrote: »
    Does anyone know if the number of vaccines administered per day has been hit much by this?

    I know the reporting of numbers vaccinated is badly hit, but is it actually affecting the rollout? Seen some graphs online where it seems to show serious impact.

    No, the system for the vaccinations is not run by the HSE.


  • Registered Users Posts: 13,995 ✭✭✭✭Cuddlesworth


    That's not a lot for an organisation of that size and significance.

    I was thinking that but I have no idea how the HSE is really structured. A quick look at job postings implies that each hospital group seems to function semi-independently from the HSE and are expected to follow "policy". So the actual cost may be significantly higher across the org.


  • Banned (with Prison Access) Posts: 989 ✭✭✭ineedeuro


    Dempo1 wrote: »
    I'm no IT expert but I've felt from the outset this attack far far worse than being let on about.

    It seems yet again the media is failing the people of Ireland. RTE for one after the initial positive PR campaign for the HSE got it off the news very very quickly and has kept it off as well.

    Just looking at the app now, we do have a story about a meat company affected by ransomware, which in the article it mentions the US fuel pipe attack and links to story.....nothing about the HSE which you would think is strange.

    Plenty of other very important news stories on the app as well. Like crowds in the UK watching the demolition of a power station.


  • Registered Users Posts: 3,337 ✭✭✭Wombatman


    cadaliac wrote: »
    I have to ask a stupid question - how do we know that "they" were lurking around the network for 2 weeks?
    Has this been confirmed ? Or, is this just more hearsay and conjecture?
    Is there any evidence of this?
    If they were or proven to be already inside the domain for 2 weeks, how was this detected?
    Otherwise, pure speculation...
    cadaliac wrote: »
    This thread should be renamed to the "HSE conjecture" thread.

    The amount of people starting the replies with "I think" or "I Believe" or " I heard"

    FFS, illusions and guesswork is strong here.
    cadaliac wrote: »
    This should be re-named the Conjecture thread.

    Reading back over the past few pages - - just an observation and I know this is a discussion thread but jazuz....

    The amount of opinions of what the HSE should and shouldn't do ffs. Or, what people "think" what happened.

    I conjecture, you like the word conjecture. Maybe have a look in a thesaurus and spice things up a bit.

    What's your reading of the situation based on the facts available?


  • Registered Users Posts: 26,986 ✭✭✭✭Dempo1


    ineedeuro wrote: »
    It seems yet again the media is failing the people of Ireland. RTE for one after the initial positive PR campaign for the HSE got it off the news very very quickly and has kept it off as well.

    Just looking at the app now, we do have a story about a meat company affected by ransomware, which in the article it mentions the US fuel pipe attack and links to story.....nothing about the HSE which you would think is strange.

    Plenty of other very important news stories on the app as well. Like crowds in the UK watching the demolition of a power station.

    Couldn't put it better myself :)

    Is maith an scáthán súil charad.




  • Registered Users Posts: 3,337 ✭✭✭Wombatman


    You can't bring about the kind of transformational change that you are suggesting by shaving a few points off contracts here and there. For a start, it's going to involve end user training, for every one of the 100k end users at the HSE. That's going to cost, and the cost of providing replacement medical staff while all the doctors and nurses are doing their training will be substantial.

    And that's before you even start working with the IT teams and projects.

    But your avoidance of the budget issue exemplifies the dilemma facing the HSE and all public bodies. If they don't things properly, they get blamed for spending too much and taking too long. If they cut corners, they get blamed when things go wrong.

    One might almost get the impression that some people just like moaning.

    How about they spend enough and do it right? Yes it's going to be a massive, massive challenge, but if it needs to be done it needs to be done. How about starting with opportunities and enablers instead of firing out a list of potential difficulties?

    Do you agree that the ITC systems and structures in the HSE generally need a comprehensive root and branch overhaul?


  • Registered Users Posts: 2,903 ✭✭✭cadaliac


    Wombatman wrote: »
    I conjecture, you like the word conjecture. Maybe have a look in a thesaurus and spice things up a bit.

    What's your reading of the situation based on the facts available?

    Honestly, I don't know.
    There are two or three posters that I would listen to on here alright.
    I believe the HSE network is a lot bigger than most realise and the segmentation of different networks is huge and complex. Multiple sites and all that goes with it etc. So, not cut and dry like some believe.

    Media blackout would indicate the seriousness of it.
    As just mentioned the patients that can't get treatment are the real priority now (outside of the IT work).

    I didn't realise I double posted so I ban myself from using the word {conjecture} again.


  • Registered Users Posts: 35,074 ✭✭✭✭Hotblack Desiato


    Talk of a media blackout is laughably paranoid and delusional

    What do you expect them to be reporting on, exactly?

    "Day 29, as thousands continue to battle the IT meltdown, here's Bridie from Ballymote talking about her bunions"

    The media haven't got a clue about technology and the public don't care. It's not as if HSE waiting lists weren't there already... everyone knows this and nobody really cares as long as their taxes don't go up and they're not personally affected.

    riclad wrote: »
    Are old pcs running windows 7 etc isolated from the rest of the network

    Can people stop going on and on about Windows 7?

    It was publicly announced when it went out of mainstream support that the HSE were buying extended support.

    © 1982 Sinclair Research Ltd


