NHS computer systems hacked!?

In some of the hospitals I've worked, XP would be an upgrade. We have systems running on text-based systems without GUIs for blood results.

NHS IT is mad though. We use iPads that only allow us to log into a virtual Windows desktop to peck away at the tiny Windows touch keyboard to log into said result system.
 
Let's divert attention from the general election and how the Cons are getting scared... what can we do .... Ooo I know just the ticket ...

Just sayin...
 
One doctor says using paper and pen is not uncommon when computer systems fail.

@drbenwhite "NHS staff used to reaching for the paper and pen when IT systems fail. more worried abt confidential data security"


No need to worry about data security when it's encrypted mate.





Too soon?
 
Kinda fits in with this.. And could help smooth the road to privatisation.. Could she really be that truly evil? This would make Hitler blush.

 
Simple patching would have prevented the attack, so why are the systems not kept up to date? Laziness? We can't be bothered? It won't happen to us? What is their excuse for not keeping vital systems like these up to date?

Because the NHS, like many other large corporations, uses a myriad of bespoke applications and programs designed and written to run on their current systems and upgrading the systems to the latest OS version would not only cost millions but would cause incompatibility issues with said bespoke applications.
 
This is a great advert for network segmentation. Too many enterprises stick a firewall at the edge and call it a day.
 
With:
1. Correct AV access protection rules to prevent it executing on the local machine
2. Correct and restrictive permissions on network shares to prevent it recursing through folders
3. Correct snapshot backups: data can be restored within minutes

#1 is available with most corporate AV vendors that I know of, certainly McAfee VSE/ePO which is widespread in the industry.
#2 is simple IT 101
#3 is moot - but I can't believe they don't have their data on a SAN with snapshots taken.

This should never have happened, or if it did the effects should have been minimised, mitigated and the outage minimal.
 
AV is garbage and likely wouldn't have done anything other than providing another weakness in the system. Network share permissions are also unlikely to have helped since this particular piece of malware seems to exploit MS17-010, which is an RCE vulnerability.

The most effective way to secure your systems is not to run old software, though this is often easier said than done.
 
Lol what?!

That's like saying 'Why are people angry at murderers. If you didn't want to be shot you should have traveled in an armoured car'.

While I don't necessarily agree with him, a more relevant analogy would be someone slamming their brakes on in front of you on purpose, but you hitting them because your brakes were in a poor state of repair, or you had bald tyres.

Yes, the person that purposely brake checked you is at fault, but that doesn't remove the blame from you because of your poor car maintenance.
 
I worked in the NHS during the initial £9bn "National Program for IT" (NPfIT) and the "Connecting for Health" and "SPINE" roll outs. I can tell you from my personal experience that very little of the money actually made it as far as engineers implementing and rolling out the systems. It vanished into management companies, agencies and well-connected people's pockets. Like water running through a series of leaky pipes. A hosepipe went in one end and a trickle came out of the other. I have never seen such corruption in my life as the Department of Health.
Yes, so many want to throw more money at the NHS but that just isn't the answer, it needs a big overhaul.

Someone else blamed outsourcing, I don't think it's that at all. Public sector incompetence is rife.
In this case some people have probably been clicking links or opening attachments they shouldn't have. As everyone who uses a computer should have been trained in cybersecurity by now, sack 'em if that's what has happened.
 
I have sympathy for the people who have to clean this mess up, but it's 2017 and trying to dodge responsibility for keeping computer systems secure by attempting to hold an attacker responsible is not an option. If there's any good that comes out of this it will be to drive all the charlatans out the industry who claim that whatever product they are selling is a silver bullet (I am aware this is incredibly wishful thinking), and ensure that information security is properly resourced and funded within an organisation as an integral part of every project and system deployment.
 
Or the Tories' encryption backdoor campaign will get a boost..


Or it's a mechanism to pave the way to an American style private health care system..
Regardless of what mistakes or oversights happened, this situation can be used as a tool to convince the public that the NHS could be better managed by private contractors, who are far more IT savvy and keep their servers patched.
The only caveat is patient care will cost 10x more.

That means massive tax hikes or move over to a system where people have to buy very expensive health insurance policies.
 