SoylentNews is people
SoylentNews
Hospitals are at a high risk of cyberattacks, but patients don't realize it:
Information technology experts are worried about increasing rates of ransomware attacks on healthcare organizations. Most patients, though, don't know they're happening, according to a new survey.
Southern Ohio Medical Center, a not-for-profit hospital in Portsmouth, Ohio, canceled appointments for today and is diverting ambulances after it was hit by a cyberattack on Thursday. It's part of a series of escalating attacks on healthcare organizations in the past two years — a trend that could have serious consequences for patient care.
But while information technology experts are well aware that the risk of cyberattacks that compromise patient data and shut down computer systems is on the rise, patients don't seem to be, according to a new report by cybersecurity company Armis. In fact, over 60 percent of people in the general public surveyed in the new report said they hadn't heard of any cyberattacks in healthcare in the past two years.
That's despite a doubling of cyberattacks on healthcare institutions in 2020, high-profile incidents like the attack on hospital chain Universal Health Services, and a major threat from groups using the ransomware Ryuk. The magnitude of attacks during the COVID-19 pandemic shocked experts, who said that ransomware gangs were targeting hospitals more aggressively than they had before. Unlike attacks on banks or schools, which are also common, these attacks have the potential to directly injure people.
(Score: 4, Interesting) by Anonymous Coward on Wednesday November 17 2021, @08:52PM (4 children)
I can tell you 'WHY'... middle managers. I have had a couple of these power idiots in my career. "I want to be able to see this on my BlackBerry." So IT open a hole in the security for this; then a month later another, and another. Until your shield of steel looks like a chicken fence.
(Score: 0) by Anonymous Coward on Wednesday November 17 2021, @10:03PM (2 children)
A one-way mirror of the main server on a separate system would appease the idiots without opening a hole. Everyone and their dog could hack & encrypt the thing to their hearts' content... till a scheduled reboot from a read-only device pulls a new clean copy of the database.
(Score: 1, Redundant) by Runaway1956 on Thursday November 18 2021, @02:55AM (1 child)
Curious - what does it take to build a "one-way mirror"? Just define it please, and maybe I will agree with you.
But, I think I would prefer complete isolation of infrastructure and critical systems. The lard-ass hospital administrator can physically haul his lame ass inside the hospital perimeter to make his inquiries. I view anything less as criminal mischief, criminal negligence, malfeasance, or similar.
Abortion is the number one killed of children in the United States.
(Score: 3, Informative) by tangomargarine on Thursday November 18 2021, @04:54AM
Glass, and a layer of reflective metal?
Oh, you were probably referring to the network metaphor huh. It seemed pretty clear that what they were describing was basically a RAID 1 setup that gets periodically restored over itself. (Or some similar thing before you object to my exact phrasing.)
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
(Score: 0) by Anonymous Coward on Wednesday November 17 2021, @11:46PM
That's why you need to separate your reporting and querying functions. An industrial process can broadcast process state, but must not accept any form of input, including even the simple selection of a particular field.
Querying should be done by a service that listens to the broadcast process state, optionally stores it, performs any necessary munging, and most crucially, is the sole exposure to inputs. This prevents your critical process from expoaure to that security hole, and makes your middle manager feel "empowered" (despite being the threat in this scenario).
Changes to process state--inputs to the process!--should be communicated face-to-face, if you actually want real security and not theater. Deep fakes are making social engineering even more of a threat. At least with face-to-face, you only need to cope with compromised or malicious personnel.