
Cyber attack on the NHS

  • 12-05-2017 5:07pm
    #1
    Registered Users, Registered Users 2 Posts: 8,452 ✭✭✭


    Just saw this in the news. Many NHS hospitals and GP surgeries have been denied access to all their patient files and are being asked to pay money or the files will be deleted. This has the potential to result in deaths as all patient medical history, scans, X-rays, treatments, prescriptions, appointments etc. are contained in these files.

    I don't know much about cyber security but you'd think that such sensitive information would be unhackable, if that's possible? I wonder who is responsible... Is this the new face of terrorism?

    Apparently it is happening in other countries too

    http://www.telegraph.co.uk/news/2017/05/12/nhs-hit-major-cyber-attack-hackers-demanding-ransom/



Comments

  • Closed Accounts Posts: 3,759 ✭✭✭Winterlong


    Seems to be a global ransomware attack. The vulnerability was patched in March but I guess these machines were not patched.
    The attack started this morning in Spain. Someone is getting rich.


  • Closed Accounts Posts: 62 ✭✭bluewizard


    ceadaoin. wrote: »
    would be unhackable, if that's possible?
    Not possible.


  • Posts: 25,611 ✭✭✭✭ [Deleted User]


    ceadaoin. wrote: »
    Just saw this in the news. Many NHS hospitals and GP surgeries have been denied access to all their patient files and are being asked to pay money or the files will be deleted. This has the potential to result in deaths as all patient medical history, scans, X-rays, treatments, prescriptions, appointments etc. are contained in these files.

    I don't know much about cyber security but you'd think that such sensitive information would be unhackable, if that's possible? I wonder who is responsible... Is this the new face of terrorism?

    Apparently it is happening in other countries too

    http://www.telegraph.co.uk/news/2017/05/12/nhs-hit-major-cyber-attack-hackers-demanding-ransom/
    Just takes the right couple of fools in the right place in the "network" for **** like that to propagate, likely wasn't a targeted attack.


  • Registered Users, Registered Users 2 Posts: 10,969 ✭✭✭✭alchemist33


    bluewizard wrote: »
    Not possible.

    It is if we do what's necessary to protect against the cylons - go back to pen, paper, stagecoaches and carrier pigeons!


  • Registered Users, Registered Users 2 Posts: 8,452 ✭✭✭ceadaoin.


    Just takes the right couple of fools in the right place in the "network" for **** like that to propagate, likely wasn't a targeted attack.

    Yeah I've just been reading that. Possibly someone on the network clicked on a link in a dodgy email and started the whole thing. Hate to be that person right now!


  • Registered Users, Registered Users 2 Posts: 16,731 ✭✭✭✭osarusan


    Have they tried turning it off and then on again?


  • Closed Accounts Posts: 18,268 ✭✭✭✭uck51js9zml2yt


    osarusan wrote: »
    Have they tried turning it off and then on again?

    Yes ...but it didn't work.


  • Closed Accounts Posts: 40,061 ✭✭✭✭Harry Palmr


    It is if we do what's necessary to protect against the cylons - go back to pen, paper, stagecoaches and carrier pigeons!

    No just go back to phones, telex machines, and LANs


  • Registered Users, Registered Users 2 Posts: 24,604 ✭✭✭✭pjohnson


    This was an actual CSI Cyber episode.


  • Closed Accounts Posts: 1,166 ✭✭✭Beyondgone


    My mate Dave fixes computers in the evenings. Last time we got a ransomware virus I dropped the pc around to him and he sorted it in an hour. Didn't have to pay any ransom. Up yours hacker boy.

    If the NHS want Dave's number, I think he might have gone out on the beer with the lads, but he'll be back at it Monday - though he's usually not himself till Tuesday if it was a heavy weekend - just PM me and I'll text ye his number. The man's a genius. He only does Dells tho.


  • Registered Users, Registered Users 2 Posts: 2,214 ✭✭✭wylo


    This same attack happened me but thankfully everything was on Dropbox so I was able to roll back. Other than that it was gone.

    Happened to an accountant I know and after a week or two of panic and IT help her only option was to pay it.

    Lessons learned: just don't open files that are strange, even Word files. And turn on system restore.


  • Registered Users, Registered Users 2 Posts: 3,068 ✭✭✭Specialun


    It's very big news this. A&E department have been shut down. Whether they paid is unknown.


  • Registered Users, Registered Users 2 Posts: 3,068 ✭✭✭Specialun


    wylo wrote: »
    This same attack happened me but thankfully everything was on Dropbox so I was able to roll back. Other than that it was gone.

    Happened to an accountant I know and after a week or two of panic and IT help her only option was to pay it.

    Lessons learned: just don't open files that are strange, even Word files. And turn on system restore.

    The best protection you can have is to have back up, latest updates of av.


  • Registered Users, Registered Users 2 Posts: 2,811 ✭✭✭Gone Drinking


    Yes, there will be probably data loss. Local data to the machines affected will be fcuked unless they pay the ransom (granted, it's real ransomware and the data is really encrypted).

    Important data like xrays, patient files etc will be stored in shared, redundant storage, which is backed up. If things are set up correctly, worst case scenario would mean that there's 12 or 24 hours worth of some of that data affected that will be lost.

    Best case scenario, it's not real encryption or they're taking more granular backups and will have a more valid restore point to work off than 12/24 hours.

    Either way, this can only happen if the machines are not patched up and running the latest virus updates, which is scary. Although there's a slight chance this is a brand new virus, in which case, there would have been very little they could have done.


  • Registered Users, Registered Users 2 Posts: 10,501 ✭✭✭✭Slydice


    ceadaoin. wrote: »
    you'd think that such sensitive information would be unhackable, if that's possible

    I suppose.. if it helps bring ya back down to earth..

    think about how much money we like giving to health services, how much money we like to pay the staff in the health service etc..


  • Closed Accounts Posts: 62 ✭✭bluewizard


    Specialun wrote: »
    latest updates of av.
    Oh yesss... This ^
    But surely fear no stupid admins who set no restrictions on root logon, has no ideas of VLANs, firewalls, switches, SQL injections and many others... Antivirus is your cure :rolleyes:

    There are so many ways to fuk/steal things up...


  • Registered Users, Registered Users 2 Posts: 4,195 ✭✭✭Corruptedmorals


    Slydice wrote: »
    I suppose.. if it helps bring ya back down to earth..

    think about how much money we like giving to health services, how much money we like to pay the staff in the health service etc..

    Don't worry, the HSE is built on paper, paper results, physical charts and more paper.


  • Registered Users, Registered Users 2 Posts: 7,828 ✭✭✭stimpson


    My money is on the Tories just trying to speed up the inevitable.


  • Registered Users, Registered Users 2 Posts: 4,188 ✭✭✭wil


    It is if we do what's necessary to protect against the cylons - go back to pen, paper, stagecoaches and carrier pigeons!
    Sunlight, Fire, mould, highwaymen and hawks.

    If you see flames, masked men or sharp talons, backup, backup, backup and take a different route.


  • Registered Users, Registered Users 2 Posts: 9,166 ✭✭✭Fr_Dougal




  • Registered Users, Registered Users 2 Posts: 11,205 ✭✭✭✭hmmm


    Don't blame the techies, usually they want to patch their systems ASAP - usually this sort of thing is caused by management not paying for Operating System upgrades, or someone insisting the techies maintain some piece of crap software which only runs on some ancient unpatchable operating system.

    100 grand for an NHS trust is nothing on security - they need to be spending multiples of that.


  • Registered Users, Registered Users 2 Posts: 4,188 ✭✭✭wil


    Fr_Dougal wrote: »

    Costs very little to warn, and yes it is naive or reckless not to allocate resources but it is becoming an unending indeterminable tail chase as the increasing demand to make things easier makes the criminal exploitation more so.
    There is also an onus on the systems providers to make critical systems more secure in light of the internet.


  • Registered Users, Registered Users 2 Posts: 1,574 ✭✭✭WhiteMemento9


    Winterlong wrote: »
    Seems to be a global ransomware attack. The vulnerability was patched in March but I guess these machines were not patched.
    The attack started this morning in Spain. Someone is getting rich.

    Ransomware utilising an SMB exploit (EternalBlue vulnerability) which was discovered by the NSA and then leaked by a group called the Shadow Brokers just over a month ago. This exploit, as you say, was patched by MS recently.

    Windows XP was end of life in April 2014, which means no more security patches from MS.

    Many companies still use very old software for applications which have never been updated, so they simply don't run on later versions of Windows, which in turn means they never upgraded many computers from XP. It seems this practice is particularly prevalent in the NHS.


  • Registered Users, Registered Users 2 Posts: 1,784 ✭✭✭highgiant1985


    I keep reading this malware is exploiting a known issue but that a patch was available that would have prevented this if it had been updated. Anyone able to share details of what that patch is?


  • Registered Users, Registered Users 2 Posts: 1,574 ✭✭✭WhiteMemento9


    I keep reading this malware is exploiting a known issue but that a patch was available that would have prevented this if it had been updated. Anyone able to share details of what that patch is?

    Read my post above for more details. This is the patch.

    https://technet.microsoft.com/en-us/library/security/ms17-010.aspx


  • Registered Users, Registered Users 2 Posts: 4,573 ✭✭✭Infini


    Ransomware is only effective if no one has backups. It's completely ineffective on people with backups, especially if they're backed up regularly with multiple backups, as the virus can be nuked and an older copy restored over it and then patched.

    These attacks are lowlifes just looking for easy cash, usually criminals as well who do this. Just goes to show you why it's best to keep your system up to date with antivirus as well as back up all your important things to external drives etc.


  • Registered Users, Registered Users 2 Posts: 26,899 ✭✭✭✭BBDBB


    NHS in Wales are reporting that they are unaffected by the malware attack, all their leeches are fine and normal service is continuing


  • Closed Accounts Posts: 1,124 ✭✭✭by8auj6csd3ioq


    On TV an expert said it would go through the network and to backups. Is this true and why are the backups not firewalled off or protected in some way?


  • Closed Accounts Posts: 1,166 ✭✭✭Beyondgone


    On TV an expert said it would go through the network and to backups. Is this true and why are the backups not firewalled off or protected in some way?

    Put your back-up HD into an old van. I read this on another thread. The Hackers can't get into old metal vans. You learn unreal useful stuff on the internet. Just passing on the knowledge.


  • Registered Users, Registered Users 2 Posts: 1,574 ✭✭✭WhiteMemento9




  • Closed Accounts Posts: 12,452 ✭✭✭✭The_Valeyard


    Here are the attacks in real time


    https://intel.malwaretech.com/WannaCrypt.html


  • Registered Users, Registered Users 2 Posts: 1,574 ✭✭✭WhiteMemento9


    Beyondgone wrote: »
    Put your back-up HD into an old van. I read this on another thread. The Hackers can't get into old metal vans. You learn unreal useful stuff on the internet. Just passing on the knowledge.

    Brightly colored vans are susceptible to the XJ-43JK SM tool. Red, yellow and pink are most at risk. Dark ones particularly black should be fine. Repainting them is your only option to protect yourself.


  • Closed Accounts Posts: 1,166 ✭✭✭Beyondgone



    I'm afraid to click on that in case it's "The Infection". :( Even with the HD in the transit. Can you get this by going on DD? I want to start buying up Caddies. I reckon they're gonna shoot up in value once word gets out. I wonder will Seat Incas go up too?


  • Closed Accounts Posts: 1,166 ✭✭✭Beyondgone


    Brightly colored vans are susceptible to the XJ-43JK SM tool. Red, yellow and pink are most at risk. Dark ones particularly black should be fine. Repainting them is your only option to protect yourself.

    Ah here. You're only messing with that ^ surely? :confused: Like the colour matters lad. Metal is metal. Mine isn't even a Caddy and someone said it would be fine. I think you're overthinking this one. Be grand.


  • Registered Users, Registered Users 2 Posts: 30,432 ✭✭✭✭Wanderer78


    Beyondgone wrote: »
    Ah here. You're only messing with that ^ surely? :confused: Like the colour matters lad. Metal is metal. Mine isn't even a Caddy and someone said it would be fine. I think you're overthinking this one. Be grand.

    Famous last words, don't take the chance!


  • Registered Users, Registered Users 2 Posts: 30,432 ✭✭✭✭Wanderer78


    Any idea where it originated from?


  • Closed Accounts Posts: 1,166 ✭✭✭Beyondgone


    Wanderer78 wrote: »
    Any idea where it originated from?

    Someone said Trump had the NHS develop a hack into NASA and then the Russians got it and dumped it onto Facebook where a dark shadowy crowd robbed bits of it and used it to hack into the AIB looking for money. I think.

    Another Poster mentioned Worms.

    I'm looking at the dog now. He looks quite shifty.


  • Closed Accounts Posts: 5,058 ✭✭✭whoopsadoodles


    Ransomware utilising an SMB exploit (EternalBlue vulnerability) which was discovered by the NSA and then leaked by a group called the Shadow Brokers just over a month ago. This exploit, as you say, was patched by MS recently.

    Windows XP was end of life in April 2014, which means no more security patches from MS.

    Many companies still use very old software for applications which have never been updated, so they simply don't run on later versions of Windows, which in turn means they never upgraded many computers from XP. It seems this practice is particularly prevalent in the NHS.

    The issue with healthcare specifically is legacy systems which, as you say, simply do not work on newer servers.

    Upgrading 'seemingly' perfectly functioning patient management systems at huge costs, man hours and down time is not something you can convince any non-technical "head of decision making" to do.

    Vendors of healthcare equipment and software are shockingly bad at keeping their own systems up to date also, but it's a niche market, and so organisations aren't left with many options.

    The bottom line is that IT in hospitals costs money, and makes none, so spending is reduced to the bare minimum.

    And then IT get the blame when bad things happen :)


  • Registered Users, Registered Users 2 Posts: 1,574 ✭✭✭WhiteMemento9


    The issue with healthcare specifically is legacy systems which, as you say, simply do not work on newer servers.

    Upgrading 'seemingly' perfectly functioning patient management systems at huge costs, man hours and down time is not something you can convince any non-technical "head of decision making" to do.

    Vendors of healthcare equipment and software are shockingly bad at keeping their own systems up to date also, but it's a niche market, and so organisations aren't left with many options.

    The bottom line is that IT in hospitals costs money, and makes none, so spending is reduced to the bare minimum.

    And then IT get the blame when bad things happen :)

    Hopefully if anything good comes from this it will be that non-tech people maybe don't roll their eyes when someone is trying to explain the dangers of using such systems on a network.

    "The Long Night is coming, and the dead come with it. No clan can stop them, the Free Folk can't stop, the Night's Watch can't stop them, and all the southern kings can't stop them. Only together, all of us. And even then it might not be enough, but at least we'll give the fu**ers a fight". - SysAdmin


  • Registered Users, Registered Users 2 Posts: 1,878 ✭✭✭heroics


    We have the issue in our place as well. Only just got rid of some legacy software that only ran on xp. Still have to keep a couple of vms turned off with xp just in case. Also software that will only run on ie8 or ancient versions of Java etc. These are always business critical but as they work no one will sign off on the cost of the upgrade.

    Makes it very frustrating when you know it's vulnerable.

    I see Microsoft released an xp patch for this vulnerability today. http://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=9e189800-f354-4dc8-8170-7bd0ad7ca09a


    According to this the NHS was running xp on 90% of its PCs in 2016.
    https://www.infosecurity-magazine.com/news/microsoft-xp-patch-wannacry/


  • Registered Users, Registered Users 2 Posts: 3,739 ✭✭✭scamalert


    Anyone that worked as desktop support or sys admin would know it takes a few tools who shouldn't even have access to a PC in the first place for such crap to happen.

    Obtaining emails is quite easy from public services since usually it's name.surname@nhs.gov.uk. Put the right story in and attach an executable link or file and someone out of thousands will click without thinking twice to execute it.

    If the right measures were in place it would only be a headache for the IT department to restore those affected from images and backups, and grilling everyone on how to use a computer, since many people in such professions could be expert MDs but when it comes to computers or the internet any kid past 12 would have more knowledge and common sense.


  • Closed Accounts Posts: 12,078 ✭✭✭✭LordSutch


    How come Wales & NI escaped with their NHS computers intact?


  • Registered Users, Registered Users 2 Posts: 1,574 ✭✭✭WhiteMemento9


    scamalert wrote: »
    Anyone that worked as desktop support or sys admin would know it takes a few tools who shouldn't even have access to a PC in the first place for such crap to happen.

    Obtaining emails is quite easy from public services since usually it's name.surname@nhs.gov.uk. Put the right story in and attach an executable link or file and someone out of thousands will click without thinking twice to execute it.

    If the right measures were in place it would only be a headache for the IT department to restore those affected from images and backups, and grilling everyone on how to use a computer, since many people in such professions could be expert MDs but when it comes to computers or the internet any kid past 12 would have more knowledge and common sense.

    That isn't how this worm is spreading. This thing looks for unpatched systems and spreads itself. No click required.

    To infect a network it has to find an open port or a forwarded port (445 in this case) to an unpatched machine. It then infects that machine and then scans the local network (inside the firewall) and infects any unpatched machines.

    Another part of the problem is that unique to this malware is that it can spread to new machines through cloud sync. Online backup is ineffective against this attack, as any uninfected machine that tries to access the online backup would immediately become infected.

    Hard backups for information as large as the NHS data set are going to be huge, time consuming etc. I am not even sure they would be practical unless doing it over set periods of time which doesn't make sense considering the ever changing nature of the data in a health system.

    Obviously keeping up to date machines running security is what should be happening.
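
The spreading behaviour described in the post above (an infected machine scanning its local network on port 445, and port 445 being reachable from outside) can be spotted in connection logs. This is an added detection example, not part of the original thread; the log format, the 10.0.0.0/8 internal range, the thresholds and every sample line are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")   # assumed internal address space
SMB_PORT = 445


def constructed_sample():
    """Build constructed log lines: '<iso-time> <src> <dst> <dport> <action>'."""
    base = datetime(2017, 5, 12, 9, 0, 0)
    lines = []
    # Ordinary workstation: many SMB sessions, but only to two file servers.
    for i in range(20):
        t = (base + timedelta(seconds=3 * i)).isoformat()
        lines.append(f"{t} 10.0.5.20 10.0.1.{5 + i % 2} 445 ALLOW")
    # Worm-like host: a new neighbour on 445 every second.
    for i in range(1, 41):
        t = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{t} 10.0.5.66 10.0.5.{i} 445 ALLOW")
    # Admin host: twelve servers, but spread over an hour.
    for i in range(12):
        t = (base + timedelta(minutes=5 * i)).isoformat()
        lines.append(f"{t} 10.0.9.2 10.0.1.{i + 1} 445 ALLOW")
    # Perimeter: one forwarded port 445 that is allowed in, one that is dropped.
    lines.append(f"{base.isoformat()} 203.0.113.7 10.0.5.10 445 ALLOW")
    lines.append(f"{base.isoformat()} 203.0.113.7 10.0.5.11 445 DENY")
    return sorted(lines)  # ISO timestamps sort chronologically


def parse(line):
    ts, src, dst, dport, action = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport), action


def smb_fanout(lines, window_s=60, threshold=10):
    """Return {src: peak distinct 445 destinations in any window} at or above threshold.

    Assumes the lines are in time order.
    """
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)   # src -> (time, dst) pairs still inside the window
    peak = defaultdict(int)
    for line in lines:
        ts, src, dst, dport, _ = parse(line)
        if dport != SMB_PORT:
            continue
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:   # drop entries older than the window
            q.popleft()
        peak[src] = max(peak[src], len({d for _, d in q}))
    return {src: n for src, n in peak.items() if n >= threshold}


def external_smb_allowed(lines):
    """Return (src, dst) pairs where a non-internal source was allowed to reach 445."""
    hits = []
    for line in lines:
        _, src, dst, dport, action = parse(line)
        if dport == SMB_PORT and action == "ALLOW" and ip_address(src) not in INTERNAL:
            hits.append((src, dst))
    return hits


if __name__ == "__main__":
    log = constructed_sample()
    print("fan-out:", smb_fanout(log))
    print("exposed:", external_smb_allowed(log))
```

A workstation that talks SMB to the same couple of file servers all day stays under the threshold; what stands out is the number of different destinations in a short window, not the number of connections.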


  • Registered Users, Registered Users 2 Posts: 1,574 ✭✭✭WhiteMemento9


    Random IT guy hits the kill switch.

    How to Accidentally Stop a Global Cyber Attacks


  • Registered Users, Registered Users 2 Posts: 32,370 ✭✭✭✭Son Of A Vidic


    ceadaoin. wrote: »

    And it's all an inevitable consequence of NSA and CIA clowns, losing control of the hacking tools they created to spy on everybody.


  • Moderators, Business & Finance Moderators, Science, Health & Environment Moderators, Society & Culture Moderators Posts: 51,690 Mod ✭✭✭✭Stheno


    LordSutch wrote: »
    How come Wales & NI escaped with their NHS computers intact?

    NI have very few xp machines if any


  • Closed Accounts Posts: 8,585 ✭✭✭jca


    heroics wrote: »
    We have the issue in our place as well. Only just got rid of some legacy software that only ran on xp. Still have to keep a couple of vms turned off with xp just in case. Also software that will only run on ie8 or ancient versions of Java etc. These are always business critical but as they work no one will sign off on the cost of the upgrade.

    Makes it very frustrating when you know it's vulnerable.

    I see Microsoft released an xp patch for this vulnerability today. http://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=9e189800-f354-4dc8-8170-7bd0ad7ca09a


    According to this the NHS was running xp on 90% of its PCs in 2016.
    https://www.infosecurity-magazine.com/news/microsoft-xp-patch-wannacry/

    Hark!! Is that the sound of horses hooves travelling away in the distance? One must bolt the stable door immediately...


  • Registered Users, Registered Users 2 Posts: 3,739 ✭✭✭scamalert


    WhiteMemento9, very good description. TBF, didn't read was it a virus or anything else.

    That said, given port 445 and how long it's been well known, could it be that some branches were running Win XP and the like, thus someone putting port 445 on the access list as permitted to let other services run, since most routers automatically will drop a port that isn't specified in the ACL when creating WAN networks? Technical question.


  • Registered Users, Registered Users 2 Posts: 1,515 ✭✭✭Firefox11


    jca wrote: »
    Hark!! Is that the sound of horses hooves travelling away in the distance? One must bolt the stable door immediately...

    You would probably be shocked at the amount of legacy systems and operating systems that are out there running critical pieces of equipment that can't be upgraded that easily.

    Running custom applications that were developed maybe 10-15 years ago costing thousands, maybe millions, to develop at the time.

    These systems need to be kept as far away from the internet as possible.


  • Registered Users, Registered Users 2 Posts: 4,573 ✭✭✭Infini


    Firefox11 wrote: »
    You would probably be shocked at the amount of legacy systems and operating systems that are out there running critical pieces of equipment that can't be upgraded that easily.

    Running custom applications that were developed maybe 10-15 years ago costing thousands, maybe millions, to develop at the time.

    These systems need to be kept as far away from the internet as possible.

    To be honest it's not that surprising, any hardware from the last 10 to 15 years is usually using XP as it was the prevalent OS at the time. The problem is software from that far back won't work on newer OSes and hardware as they're not compatible. As such any of these systems would need to be closed off entirely from any connection to the internet or restricted to a completely internal intranet only.

    Really something like this was due to happen at some point, it just exposes how so much hardware is stuck on older software and the reason why stuff needs to be upgraded or built on platforms that will still be supported a decade from now. It's why MS kinda pushed W10 so hard as they intend to support as much hardware as possible on a single platform that can be upgraded regularly.

