NHS computer systems hacked!?

I have sympathy for the people who have to clean this mess up, but it's 2017 and trying to dodge responsibility for keeping computer systems secure by attempting to hold an attacker responsible is not an option. If there's any good that comes out of this it will be to drive all the charlatans out the industry who claim that whatever product they are selling is a silver bullet (I am aware this is incredibly wishful thinking), and ensure that information security is properly resourced and funded within an organisation as an integral part of every project and system deployment.

End of the day though the hackers are almost always one step ahead - while there is little excuse for not being on top of security updates, etc. and even less excuse for sloppy practices, at the end of the day no matter how secure you try to be it only goes so far - not that that makes any excuse for not making an effort either.

With:
1. Correct AV access protection rules to prevent it executing on the local machine
2. Correct and restrictive permissions on network shares to prevent it recursing through folders
3. Correct snapshot backups, data can be restored within minutes

#1 is available with most corporate AV vendors that I know of, certainly McAfee VSE/ePO which is widespread in the industry.
#2 is simple IT 101
#3 is moot - but I can't believe they don't have their data on a SAN with snapshots taken.

This should never have happened, or if it did the effects should have been minimised, mitigated and the outage minimal.

While a decent backup system will help, none of that will stop a "0day" infection using a new exploit that might circumvent traditional execution restrictions, etc. and even with a good backup/snapshot system you may need to delay things to properly forensically investigate to make sure you've fully cleaned the infection out and are not going to have to deal with other nasty surprises.
 
End of the day though the hackers are almost always one step ahead - while there is little excuse for not being on top of security updates, etc. and even less excuse for sloppy practices, at the end of the day no matter how secure you try to be it only goes so far - not that that makes any excuse for not making an effort either.

You could make the same argument about lots of things, but as you rightly point out it's not an excuse. This isn't a zero-day targeted exploit by a state actor (we assume, based on the thousands of other systems that are being hit around the world), it's a piece of malware that is attacking a vulnerability that has been known about for two months. I appreciate that two months isn't enough time to react to get a network the size of the NHS one fixed, but the fact it is able to spread at all between hospital departments let alone between hospitals themselves and then between trusts can't be anything other than a failing at several levels.
 
You could make the same argument about lots of things, but as you rightly point out it's not an excuse. This isn't a zero-day targeted exploit by a state actor (we assume, based on the thousands of other systems that are being hit around the world), it's a piece of malware that is attacking a vulnerability that has been known about for two months. I appreciate that two months isn't enough time to react to get a network the size of the NHS one fixed, but the fact it is able to spread at all between hospital departments let alone between hospitals themselves and then between trusts can't be anything other than a failing at several levels.

Like a lot of places NHS security procedures aren't exactly a shining example - lots of logins are simply the same for username and password like reception/reception.
 
Lots of generalisations going on in this thread. NHS England, NHS Wales, NHS Scotland are different entities and work rather differently internally, within those trusts/boards etc also can work differently. GPs in England tend to have more say over IT than they do in Scotland for example.

There is no "NHS standard" for IT, that may well be part of the issue but one clinician's experience in Inverness will vary enormously to one in Cornwall in terms of what they can do, what gear they use and what network security etc is in place. There are very few common applications either, NHS Mail is probably the most widespread outside of an OS and even then dozens of trusts/boards don't use it.
 
Or it's a mechanism to pave the way to an American style private health care system..
Regardless of what mistakes or oversights happened, this situation can be used as a tool to convince the public that the NHS could be better managed by private contractors, who are far more IT savvy and keep their servers patched.
The only caveat is patient care will cost 10x more.

That means massive tax hikes or move over to a system where people have to buy very expensive health insurance policies.

Health care in Japan does not cost 10x more. Where does this fallacy come from? It is not just the NHS or the USA system, there are way more options.
 
Are people completely forgetting that Vodafone, Telefonica, KPMG, Santander etc. have been affected by this when drawing a link between this problem existing in the NHS and the public sector?
 
Are people completely forgetting that Vodafone, Telefonica, KPMG, Santander etc. have been affected by this when drawing a link between this problem existing in the NHS and the public sector?
Some people have an agenda and only see what they want to see.
 
So it's attacked major companies across 70 countries, NHS just being one.
And the real kicker is, Microsoft patched the vulnerability back in March, so if they had just been up to date it wouldn't have happened.

I know businesses like to test any updates before applying them, but this clearly shows it leaves them vulnerable.
Oh and the vulnerability was shown when NSA hacking tools were leaked earlier this year.
Why have so many companies not applied the patch to known leaked hacking tools?
 
This is part of the reason why I want out of the IT business. I work in a school and would have no hesitation in shutting down our network, but the backlog in restoring backups and resetting the systems, the chaos and unforeseen set-backs that staff would have to face and work around is a pain they, and subsequently I, could well do without. Staff not being able to access a day's lesson plans would be a pain for them and me, but just in the UK this has affected the very real health of hundreds or thousands of people.

We try to do things properly and everything is, to the best of my knowledge, locked down as efficiently as it can be, but if anyone responsible for a network, small or big, doesn't have a genuine fear about this sort of infection somewhere down the line then they're most likely misguided or complacent. I don't consider myself a particularly pessimistic guy, but an infection of this type would be my idea of hell, and it's not a "we'll deal with it if it happens" situation like the majority of viruses/malware, such as Blaster, it's something you have to train staff for, as that's where the true weakness lies - and once it's in the system it will propagate if undetected.

This is (most importantly) the NHS. A national collection of databases containing the health details of, in theory, an entire country. It's not like they're going to have a technician with a hard drive on a shelf with a weekly backup of every patient's details in the country, it's going to be far more complex than that, with a multitude of backups split across a multitude of sites.

While we can say this or that about the IT systems and procedures of organisations affected today, prior and subsequently, I can't help but feel for the true victims, the patients and staff, and the foot soldiers who will have to deal with the excrement flying. The fact that it probably isn't directed at the NHS or other corporate giants doesn't make it any better.
 
Yeah I think I agree.. Larger more inherently encumbered organisations are at far more risk, they often run a patchwork of legacy and up to date stuff, which means they can't just immediately install patches.

That scenario leaves their bums in the breeze for the month or two it takes them from receiving a patch, testing and deploying it.

If they were to deploy an untested patch that could cause major issues, and of course the IT guys would be nailed to the wall for the oversight.
 
Yeah I think I agree.. Larger more inherently encumbered organisations are at far more risk, they often run a patchwork of legacy and up to date stuff, which means they can't just immediately install patches.

That scenario leaves their bums in the breeze for the month or two it takes them from receiving a patch, testing and deploying it.

If they were to deploy an untested patch that could cause major issues, and of course the IT guys would be nailed to the wall for the oversight.
But surely patches should be risk assessed, and a patch to a known vulnerability should probably get implemented and is low risk of causing issues, compared to other updates.

Also wonder how many systems on NHS are still running XP and can't be updated (I'm assuming MS hasn't patched it in XP, seeing as it's long passed its support life)
 
So it's attacked major companies across 70 countries, NHS just being one.
And the real kicker is, Microsoft patched the vulnerability back in March, so if they had just been up to date it wouldn't have happened.

I know businesses like to test any updates before applying them, but this clearly shows it leaves them vulnerable.
Oh and the vulnerability was shown when NSA hacking tools were leaked earlier this year.
Why have so many companies not applied the patch to known leaked hacking tools?

Smarter than the average bear?
 
Are people completely forgetting that Vodafone, Telefonica, KPMG, Santander etc. have been affected by this when drawing a link between this problem existing in the NHS and the public sector?

Why let facts get in the way of a good bit of "OH MY GOD, The Tories did it, it's a false flag those Tory *******'s"? :D
 
Microsoft patched the vulnerability back in March, so if they had just been up to date it wouldn't have happened.

Actually no. Windows XP is being used by the majority of NHS systems and it hasn't been patched and never will be because Microsoft ended XP support in 2014.
 