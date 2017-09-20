from the security-weak.com dept.
German Hospital Hacked, Patient Taken to Another City Dies:
German authorities said Thursday that what appears to have been a misdirected hacker attack caused the failure of IT systems at a major hospital in Duesseldorf, and a woman who needed urgent admission died after she had to be taken to another city for treatment.
The Duesseldorf University Clinic's systems have been disrupted since last Thursday. The hospital said investigators have found that the source of the problem was a hacker attack on a weak spot in "widely used commercial add-on software," which it didn't identify.
As a consequence, systems gradually crashed and the hospital wasn't able to access data; emergency patients were taken elsewhere and operations postponed.
The hospital said that that "there was no concrete ransom demand." It added that there are no indications that data is irretrievably lost and that its IT systems are being gradually restarted.
Also at Ars Technica.
What should happen if the hackers are caught?
(Score: 2, Touché) by Anonymous Coward on Friday September 18, @10:25AM (1 child)
He showed by the critical system should not be connected to the internet.
(Score: 3, Insightful) by Bot on Friday September 18, @11:23AM
If he hacked a machine directly used for the patient survival, the hospital is to blame for negligence. If the hacked system was not essential, the hospital is to blame for negligence too. Charge the hacker with simple hacking and consider him a accomplice only if he shows no regret or boasts. Because then he is an accomplice in the sociopath attack on society. I know what I am talking about, am a bot.
(Score: 3, Insightful) by canopic jug on Friday September 18, @10:28AM (2 children)
What should happen if the
hackersmanagers are caught?
There. FTFY
Germany and other countries need to stop handling these managers and executives with kid gloves. Hospitals are bureaucratic enough that there is a paper trail for every little action and the process will have been documented in detail and that paper trail will show exactly who was involved in rolling out M$ products inside the hosptial's network. It will certainly include the names of the guilty managers and executives from there the court can proceed with the negligent homicide cases against the managers and others directly involved.
Germany has many options to bring to justice those who knowingly signed off on deploying the M$ products into the hospital's mission-criticial information infrastructure, along with rest of the staff involved in making that happen. Knowingly putting M$ products in a hospital to give the illusion of an information infrastructure is the digital equivalent of doping food with melamine to give the illusion of high protein content [fao.org]. In both cases it is wrong and fraudulent and there are deadly consequences.
The managers need to see real jail time for causing this.
(Score: 3, Interesting) by bzipitidoo on Friday September 18, @10:52AM (1 child)
How do we know what really happened? Sure looks like this could be a screw up that they are trying to blame on mysterious outside hackers, to divert attention from their own mistakes. They're holding back on the details, and that looks suspicious.
I don't like M$, don't like their business practices, but blaming whatever happened entirely on M$ may be as unfair as trying to blame outside hackers. Which maybe was your point.
It's typical for organizations to think of IT as an expense and try to outsource all of it. Cut to the bone. Everything can look fine, for a while, until the lack of maintenance leads to a breakdown. A good IT department fixes issues before they become serious problems. Which can make it look like they don't do anything. So lay them all off. Then a month or 3 months later, a major problem occurs, and management screams "haxxors!!"
Yeah, this smells like a bad attempt at a coverup.
(Score: 2) by canopic jug on Friday September 18, @11:28AM
It can easily be both. In fact, it is quite likely based on the history of past reactions elsewhere in the medical industry regarding networked systems and devices.
Money is not free speech. Elections should not be auctions.