posted by Fnord666 on Wednesday October 02 2019, @09:31AM
from the where-did-you-put-the-key? dept.

Arthur T Knackerbracket has found the following story:

A rash of ransomware attacks this week targeted hospitals in the U.S. and Australia. The cyberattacks froze the computer systems of several medical facilities, to the point where they needed to turn away new patients and even cancel surgery appointments.

A ransomware attack, reported on Tuesday, impacted the DCH Health System, a regional hospital and medical complex located in Alabama, and left three satellite hospitals turning away patients. A separate attack disclosed on Monday impacted several regional hospitals in Victoria, Australia. There is no indication that the ransomware attacks are connected.

The DCH Health System, which announced it was hit by ransomware on Tuesday, is a government subdivision that operates a community-owned healthcare system in Alabama, consisting of DCH Regional Medical Center, Northport Medical Center and Fayette Medical Center. These facilities are owned by the public, and the system is operated on behalf of the public by the DCH Health System board of directors.

The three regional hospitals, located in Tuscaloosa, Fayette and Northport, are "closed to all but the most critical new patients," according to a Tuesday release. The release said that cybercriminals are limiting the hospitals' abilities to use their computer systems in exchange for an "as-yet unknown payment."

"Our hospitals have implemented our emergency procedures to ensure safe and efficient operations in the event technology dependent on computers is not available," according to the release. "That said, we feel it is in the best interest of patient safety that DCH Regional Medical Center, Northport Medical Center and Fayette Medical Center are closed to all but the most critical new patients. Our staff is caring for the patients who are currently in the hospital, and we have no plans to transfer current patients."

The hospitals said that local ambulances have been instructed to take patients to other hospitals if at all possible. Patients who come to their emergency departments may be transferred to another hospital when they are stabilized, representatives stated.

No further information is currently available. Threatpost has reached out to DCH about how and when the attack started and which specific operations are impacted.

-- submitted from IRC


  • (Score: 2) by Gaaark on Wednesday October 02 2019, @10:14AM (1 child)

    by Gaaark (41) on Wednesday October 02 2019, @10:14AM (#901769) Journal

    Your TCO will go up and that's a good thing!...at least for your competitors that switched to Linux.

    --
    --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
    • (Score: 3, Funny) by DannyB on Wednesday October 02 2019, @02:43PM

      by DannyB (5839) Subscriber Badge on Wednesday October 02 2019, @02:43PM (#901863) Journal

      That is incorrect sir!

      Microsoft has the lowest, the very lowest TCO there is!

      Nobody has a lower total cost of Pwnership than Microsoft!

      I strongfully object!

      --
      When trying to solve a problem don't ask who suffers from the problem, ask who profits from the problem.
  • (Score: 5, Insightful) by Mojibake Tengu on Wednesday October 02 2019, @10:28AM (2 children)

    by Mojibake Tengu (8598) on Wednesday October 02 2019, @10:28AM (#901772) Journal

    This is an example syndrome of a critical social function collapse caused by inadequate technology implementation.

    And it just happens in a technically superior civilisation which positioned itself as a supremacy planetary hegemony on top of a pyramid of power. Guys, how do you expect to handle daily stuff when you start a real war you always wanted against China and Russia? All this proprietary locked and backdoored hardware and software, does it make your people safer? Does it make you yourself safer?

    --
    Respect Authorities. Know your social status. Woke responsibly.
    • (Score: 4, Interesting) by RS3 on Wednesday October 02 2019, @02:16PM

      by RS3 (6367) on Wednesday October 02 2019, @02:16PM (#901847)

      The problem, in my view anyway, is a major lack of top-level coordination. Reminds me (too much) of problems in the medical world- lots of specialties, each with their motivations and agenda, often competing / blaming / finger-pointing, and very very poor overall coordination in many cases.

      More and more software is dependent on Internet connection. Many major packages will refuse to run, or you can't save a project, unless they can phone home to mommy. And I'm not even talking about "cloud" crap- that's obvious right there.

      A better architecture would have a protected LAN with all hospital equipment and doctor/nurse workstations interconnected. A VPN could be included if necessary. There would be servers to store the data, still only on the LAN.

      Then, there would be well-protected machines that would shuttle information in and out of the LAN so that doctors and patients could have access to the data, appointments, medication schedules, etc.

      AFAIK, most ransomware is hatched through email attachments, so keeping email off of the hospital LAN would be good.

      And be _sure_ to disable any and all automatic opening / running of attachments, including images, javascript, etc. Only render plain ASCII text.

      I think VPNs should be the rule, but they're no help if the ransomware gets inside.

      I know, right now for example, that you can have an MRI in Tampa, and it's read by (and report written by) a radiologist in Minneapolis. Hopefully they're using VPN.

      Backups! Not just the software and data, but keep backup systems. Don't toss the older servers- you might use them when the shiny new one gets trashed (something I actually do and have had to do).

    • (Score: 3, Insightful) by Azuma Hazuki on Thursday October 03 2019, @02:36AM

      by Azuma Hazuki (5086) on Thursday October 03 2019, @02:36AM (#902136) Journal

      I've been wondering things like this for at least 15 years. No one in any position of power who could change this seems to give a shit. I know for damn certain that if I were a hostile foreign power's head of state and trying to take the US down, the cyberworld would be my avenue of attack.

      --
      I am "that girl" your mother warned you about...
  • (Score: 1, Interesting) by Anonymous Coward on Wednesday October 02 2019, @11:53AM (12 children)

    by Anonymous Coward on Wednesday October 02 2019, @11:53AM (#901787)

    Offline backups seem safe but a pain to keep current.

    Online backups spread across a cloud seem easy but a juicy target.

    Securing your system seems an odds game at best. (Especially with some OS vendor's business plan.)

    Is there anything that works for sure and is easy?
    Any consensus on best practice?

    • (Score: 2) by Bot on Wednesday October 02 2019, @12:05PM (1 child)

      by Bot (3902) on Wednesday October 02 2019, @12:05PM (#901791) Journal

      No expert on the field but the first thing I would do to keep backup data safer and confidential would be to verify if the old trick of a one way eth cable still works ...

      --
      Account abandoned.
      • (Score: 0) by Anonymous Coward on Wednesday October 02 2019, @12:20PM

        by Anonymous Coward on Wednesday October 02 2019, @12:20PM (#901794)

        But an information diode in the Ethernet cable would have to point towards the backup server.

        The bad guy could still send stuff in, but not know if he was successful.

        If he had a backup server of his own to play with, how would that work?

    • (Score: 1) by fustakrakich on Wednesday October 02 2019, @03:05PM (8 children)

      by fustakrakich (6150) on Wednesday October 02 2019, @03:05PM (#901874) Journal

      Is there anything that works for sure and is easy?

      Yep, pen and paper. You don't even need electricity.

      --
      La politica e i criminali sono la stessa cosa..
      • (Score: 2) by HiThere on Wednesday October 02 2019, @08:23PM (5 children)

        by HiThere (866) Subscriber Badge on Wednesday October 02 2019, @08:23PM (#902014) Journal

        Pen and paper are rather slow for transmitting graphics images between hospitals.

        OTOH, with ASCII and a standardized compression you could do it as finely as desired. The file type that comes to mind is XPM. You'd need a standardized compression method, but what would be decompressed would be a non-executable graphics image that many standard graphics programs could handle. There should be an equivalent with sound. (If not, there certainly could be.) Video has to be done via a succession of files in specified order that are each graphics images. (This isn't optimal in transmission size, but with a decent compression routine it would be close to optimal.) I don't know of any software that handles generating videos from a dictionary of XPM files, but there's nothing very hard about it. You might need to add something into the XPM standard to specify how long the image was displayed, but that could be a comment as far as the standard XPM programs are concerned...and still just be ASCII (e.g. "dwell=30ms"). (Or it could even be noise displayed in the upper left hand corner.)

        So non-executable ASCII should suffice. Nothing requiring anything powerful enough to either be a Turing Machine or to satisfy the requirements of Gödel's inconsistency.

        --
        Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
        • (Score: 1) by fustakrakich on Wednesday October 02 2019, @08:29PM (4 children)

          by fustakrakich (6150) on Wednesday October 02 2019, @08:29PM (#902018) Journal

          What, no fax machines? That's a little like throwing away the spare tire...

          --
          La politica e i criminali sono la stessa cosa..
          • (Score: 2) by HiThere on Wednesday October 02 2019, @09:15PM (3 children)

            by HiThere (866) Subscriber Badge on Wednesday October 02 2019, @09:15PM (#902036) Journal

            Fax machines have their uses...but they don't handle high density information gracefully.

            Just imagine trying to show a false-color image of a pancreas at high detail so you can show which cells you suspect might be cancerous and why.

            --
            Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
            • (Score: 1) by fustakrakich on Wednesday October 02 2019, @09:29PM (2 children)

              by fustakrakich (6150) on Wednesday October 02 2019, @09:29PM (#902042) Journal

              You know it's only temporary until they get the machines back up, right?

              But another thing. This ransomware shit has been happening for a long time. Time to demand budgeting for proper backup. We can't really nail them for negligence yet until we do.

              --
              La politica e i criminali sono la stessa cosa..
              • (Score: 2) by HiThere on Thursday October 03 2019, @06:28PM (1 child)

                by HiThere (866) Subscriber Badge on Thursday October 03 2019, @06:28PM (#902386) Journal

                If it's only temporary, it's not a solution.

                --
                Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
                • (Score: 1) by fustakrakich on Thursday October 03 2019, @07:04PM

                  by fustakrakich (6150) on Thursday October 03 2019, @07:04PM (#902397) Journal

                  That's right. The solution is backups. But until then, fax will suffice in a pinch. Plan for the future without losing touch with the present.

                  --
                  La politica e i criminali sono la stessa cosa..
      • (Score: 3, Funny) by Anonymous Coward on Wednesday October 02 2019, @08:56PM (1 child)

        by Anonymous Coward on Wednesday October 02 2019, @08:56PM (#902028)

        Dean, to the physics department: "Why do I always have to give you guys so much money for laboratories and expensive equipment? Why can't you be like the math department? All they need is money for pencils, paper and wastepaper baskets. Or even better, like the philosophy department. All they need are pencils and paper."

        • (Score: 1) by fustakrakich on Wednesday October 02 2019, @09:20PM

          by fustakrakich (6150) on Wednesday October 02 2019, @09:20PM (#902038) Journal

          Heh, I suppose the theology department only needs a wing and a prayer...

          --
          La politica e i criminali sono la stessa cosa..
    • (Score: 2) by janrinok on Thursday October 03 2019, @07:22AM

      by janrinok (52) Subscriber Badge on Thursday October 03 2019, @07:22AM (#902186) Journal

      Is there anything that works for sure and is easy?

      Yes - get it off the internet! Build dedicated networks for data that should be protected.

      --
      I am not interested in who people are or where they live. My interest starts and stops at our servers.
  • (Score: 4, Insightful) by Bot on Wednesday October 02 2019, @12:00PM (14 children)

    by Bot (3902) on Wednesday October 02 2019, @12:00PM (#901789) Journal

    No modularization in infrastructure, economy, information. This is not accidental, it ensures centralized control. Of course, as the barbarians used the Roman roads, lesser criminals use the infrastructure prepared by the top ones.
    There are zero reasons to connect a hospital to the net. You can have your internet connection on a separate network or use your phone.

    --
    Account abandoned.
    • (Score: 0) by Anonymous Coward on Wednesday October 02 2019, @12:43PM (13 children)

      by Anonymous Coward on Wednesday October 02 2019, @12:43PM (#901802)

      If the hospital is not connected to the Internet, how do you order supplies when the hospital database says it needs something?

      How does a doctor in his office look at records in the hospital?

      • (Score: 0) by Anonymous Coward on Wednesday October 02 2019, @01:01PM (3 children)

        by Anonymous Coward on Wednesday October 02 2019, @01:01PM (#901806)

        If the hospital is not connected to the Internet, how do you order supplies when the hospital database says it needs something?

        By phone, horse-drawn cart or avian carrier. You really think it's currently done over the Internet?

        How does a doctor in his office look at records in the hospital?

        And why would he need Internet access for that? Regardless of what big telecom wants you to believe about G5, intranet really is a thing.

        • (Score: 0) by Anonymous Coward on Wednesday October 02 2019, @01:20PM (1 child)

          by Anonymous Coward on Wednesday October 02 2019, @01:20PM (#901817)

          And why would he need Internet access for that? Regardless of what big telecom wants you to believe about G5, intranet really is a thing.

          Ok, so the hospital has a private network and also a public one, or everybody brings their own public one.
          Now we extend that private network into the doctor's office.
          Does he get a separate computer for each hospital he goes to?

          • (Score: 2) by Runaway1956 on Wednesday October 02 2019, @02:30PM

            by Runaway1956 (2926) Subscriber Badge on Wednesday October 02 2019, @02:30PM (#901854) Journal

            Is there any reason why he should not get a separate machine for each hospital he works in? I mean - he can afford it, right? Ten separate laptops is a smaller investment than having his own X-ray machine, isn't it? And, yes, even small-town doctors can afford their own X-ray, and ultrasound, right in the office.

        • (Score: 3, Interesting) by hendrikboom on Wednesday October 02 2019, @01:56PM

          by hendrikboom (1125) Subscriber Badge on Wednesday October 02 2019, @01:56PM (#901832) Homepage Journal

          Here in Montreal, most clinics in the city have access to the hospital medical data bases so that they really know what happened to their patients there. That's also where the results of blood tests and the like are posted. Yes, they use the internet for that. They get essential information *much* faster than before they had this kind of access.

          Though two days ago there was a computer malfunction that shut down the hospital's clinics and shut down the intake at the emergency room for an afternoon -- the first I've heard of. The hospital IT staff say it was not an internet attack.

          They are still investigating, of course.

          -- hendrik

      • (Score: 3, Interesting) by All Your Lawn Are Belong To Us on Wednesday October 02 2019, @02:13PM (7 children)

        by All Your Lawn Are Belong To Us (6553) on Wednesday October 02 2019, @02:13PM (#901844) Journal

        One could start with locking down such systems so that they only communicate with IP addresses that are static and validated as being part of the system. Or have a different computer for ordering products that does not have direct access to the database.

        But then people would no longer be able to surf the web on their work computers. (And not all such surfing is personal, sometimes legitimate treatment information is surfed for as well).

        --
        This sig for rent.
        • (Score: 4, Insightful) by Runaway1956 on Wednesday October 02 2019, @02:34PM (6 children)

          by Runaway1956 (2926) Subscriber Badge on Wednesday October 02 2019, @02:34PM (#901858) Journal

          Needing internet access at work is understandable. Just separate the intranet from the internet, and allow zero crossover. Pain in the ass? Well, consider that the armed forces of any country deal with security full-time. Security is indeed a pain in the ass. But, the military understands that without security, you're done. It's time that the business world understood the same.

          Make the intranet secure, then deal with the problems caused by that security. Need more personnel to sneakernet stuff from one network to the other? Fine, hire them. It's too late to wish you had security, after all your stuff is gone.

          • (Score: 0) by Anonymous Coward on Wednesday October 02 2019, @02:56PM (4 children)

            by Anonymous Coward on Wednesday October 02 2019, @02:56PM (#901870)

            Separate networks would work if not for those pesky human users.
            Since you can't fix stupid, the bad guy will find a way to get in.

            What do you do so that you can still function after that?

            Aside from offline backups, what actually works?

            • (Score: 2) by Runaway1956 on Wednesday October 02 2019, @03:11PM (3 children)

              by Runaway1956 (2926) Subscriber Badge on Wednesday October 02 2019, @03:11PM (#901878) Journal

              Shoot the messenger. Didn't Iran shoot the idiots who carried the viruses in to wreck their centrifuges? If not, they should have.

              • (Score: 2) by DannyB on Wednesday October 02 2019, @03:31PM (2 children)

                by DannyB (5839) Subscriber Badge on Wednesday October 02 2019, @03:31PM (#901890) Journal

                Did Iran know who the individuals are? Were they "idiots" who were duped, or were they spies?

                --
                When trying to solve a problem don't ask who suffers from the problem, ask who profits from the problem.
                • (Score: 3, Funny) by Runaway1956 on Wednesday October 02 2019, @03:39PM

                  by Runaway1956 (2926) Subscriber Badge on Wednesday October 02 2019, @03:39PM (#901895) Journal

                  I don't think any of those questions matter to the Ayatollah. Ayatollah not to bring your USB keys filled with viruses into the laboratories, but you did it anyway. Now, all of you die!!

                • (Score: 4, Interesting) by All Your Lawn Are Belong To Us on Wednesday October 02 2019, @03:48PM

                  by All Your Lawn Are Belong To Us (6553) on Wednesday October 02 2019, @03:48PM (#901897) Journal

                  Wikipedia's article now carries a couple of references (Jerusalem Post, Yahoo! News) to the idea that it may have been a mole under the control of Dutch intelligence that was responsible for the plant, or at least provided intelligence about how the Iranian program must work if it was based off of A.Q. Khan's work. Prior to this I remember the story was something like it was the workers or contractors themselves who delivered the payload via USB, likely with a bootlegged system update because they couldn't get the legitimate updates from Siemens (because they weren't licensed installations).

                  --
                  This sig for rent.
          • (Score: 2) by All Your Lawn Are Belong To Us on Wednesday October 02 2019, @03:33PM

            by All Your Lawn Are Belong To Us (6553) on Wednesday October 02 2019, @03:33PM (#901893) Journal

            I thought about that earlier as well, that the military also handles material of varying security classifications ranging from sensitive-but-unclassified all the way through codeword compartmentalization. I'd built up a picture that for the highest levels of classification they have their own dedicated network which is airgapped from the internet. I know that's at least the way it used to be, but I couldn't find anything confirming that.

            --
            This sig for rent.
      • (Score: 0) by Anonymous Coward on Wednesday October 02 2019, @02:45PM

        by Anonymous Coward on Wednesday October 02 2019, @02:45PM (#901865)

        Disposable shoe cover net?

  • (Score: 3, Interesting) by epitaxial on Wednesday October 02 2019, @01:25PM (1 child)

    by epitaxial (3165) on Wednesday October 02 2019, @01:25PM (#901819)

    To using "old" terminals and AS/400 systems and you'll never have this problem. The attack vectors simply aren't there and these systems will run literally forever.

    • (Score: 5, Interesting) by DannyB on Wednesday October 02 2019, @03:19PM

      by DannyB (5839) Subscriber Badge on Wednesday October 02 2019, @03:19PM (#901883) Journal

      Back in my college days, I was using a minicomputer made by Harris (in Florida, part of Hughes now, I think). (OS was called "super vulcan") This incident occurred in 1981.

      The system had many terminals, but only one uniquely different "operator console" (opcom).

      The manuals were literally three feet thick and literally bolted down to a large table in one of the computer rooms. Despite this, I was able to study the system extensively.

      As a student, after learning assembler, I discovered a highly obscure way that I could attach an I/O connection to the physical opcom device. Knowing the model of terminal, I could determine what binary codes to send to enter a command, and ENTER it, wait a couple seconds, then home the cursor, read back the entire CRT contents, including any output from the command just entered, and display that CRT buffer contents on a remote CRT terminal. Like having remote control of the operator's console. This program was necessarily written in assembler. Later adapted for a Decwriter, so I could "use" this at another similar model minicomputer at a different nearby school. This would be the "hacking" part. Through other trickery I had learned the default password to the "maintenance" account, which nobody seemed to change. Three friends and I were able to use the maintenance account, enter a shortened version of this code, assemble and run it, and then create a new user account we could use. We logged in to our new account. Giddy with excitement, we logged out, left, and never returned. Just knowing what we had done was, I guess I would call it intoxicating.

      My point: old systems are not necessarily secure. Someone passionate, who wants to voraciously study every last scrap of information there is about a system, and with lots of time on their hands, might find a vulnerability. Computer resources back then were extremely expensive. Effort in software was made to save every possible byte and cpu cycle. Security was fairly simple, or maybe an afterthought. A single remote terminal, and a login account with a default password (like IoT devices today!), might be all someone needs.

      I do not think of this as some kind of super hacking. I studied the system. Discovered something. Worked out a technique to leverage it. And that's it. Nothing magical. It was the only time I've ever done anything like that. Without such complete information about the system I would never have been able to do this.

      --
      When trying to solve a problem don't ask who suffers from the problem, ask who profits from the problem.