back to article Project Gollum: Because NHS Caring means NHS Sharing

Even over Skype, the weeping of the National Health Service's Chief Transformation Officer could be heard even over the sound of the breaking waves here on Seven Mile Beach, Grand Cayman. No, there was no mistaking it, even over the pops and crackles from my prototype Microsoft Surface 5 Azure Edition (“always helping you by …

  1. Alister

    P2P rules!

    Make the patient database into a torrent, and share it with everybody, that way there will always be at least one copy no matter what ransomware hits us.

    You can just imagine some poor GP posting "86.2% please seed!"

    1. Anonymous Coward
      Anonymous Coward

      Re: P2P rules!

      IPFS or Swarm for distributed storage, surely?

      Not sure how you'd prevent the malicious writes, if it's read/write, but for patient records, if the (mythical technically savvy) patient controls a staging storage location, then approves the propagation of changes back to the distributed store, that's a win...? (hell, just have the NHS submit pull requests to a git repo stored on your phone with backup to a distributed store).

      Or even mediate storage with Etherium (e.g.) - that way they (or the client they're exploiting) would have to pay ETH to see the files and get the storage written... ... If that were an internal implementation, the organisation could limit damage through read/write budgets for machines/users (though that becomes another vector to cripple services!).

      On a more relevant point, general usage OSes might not be the best choice for healthcare. It was local files affected by the payload, not patient records, so following best practice means there should be nothing critical lost apart from the time taken to restore. If best practices aren't followed, then having a more tied down OS would help, and may reduce risk from broad spectrum exploits like this one... ...On which point: the payload was ransomware, but the root (NSA) exploit is said to be a persistent infection that's near impossible to detect - more worms could spreads on the same vector unless the machines are rebuilt with a clean, patched base image.

  2. Your alien overlord - fear me

    Wow, I'm just leaving hospital and thought I was still wacked out on the good stuff. Just realised I'm actually drug free and el Reg is the weird one this time !!

  3. John Smith 19 Gold badge
    Coat

    Another great hit from the Bong.

    Always appreciated.

  4. hammarbtyp Silver badge

    A less broken broker

    I initially misread the article as

    "Here I was, with the cream of top British digital talent around the CORBA table"

    and I thought, well there's your problem....

  5. getHandle

    When I see the name Mike Butcher

    I always think of Mike Reid playing Frank Butcher off of Eastenders...

  6. Michael H.F. Wilkinson
    Thumb Up

    Brilliant!

    From now on, whenever I will see the recluse of the Ecuadorian embassy I will instantly think "Nice fisssshes, gollum, gollum", or "musssstn't risssssk our neckssesss, mussst we now?"

  7. ElReg!comments!Pierre

    Serif font? UX nightmare?

    The UI is sans serif, and the text is in serif, as it bloody well should. Bong is slipping!

  8. Michael H.F. Wilkinson
    Happy

    And another thing ...

    "NHS Caring means NHS Sharing" really has a "Share and Enjoy" ring to it. Any chance of a choir of robots singing this (with their voice boxes one flattened fifth out of tune, it goes without saying)?

    1. Boris the Cockroach Silver badge

      Re: And another thing ...

      Well I can see them putting the slogan on an huge billboard only to have it sink into the ground and read "Go stick your head in a pig"

      We need a HHGTTG icon

      1. Michael H.F. Wilkinson

        Re: And another thing ...

        We certainly do need such an icon

        1. Swarthy
          Thumb Up

          Re: And another thing ...

          HHGTG icon? I thought we already had one. --->

  9. VIA_KT133

    Strangely enough...

    I found this story to be pleasantly confusing, thank you, I think.

  10. macjules Silver badge

    [Upchuck noises]

    "Yes, there is a piece of me inside Theresa May. Just hold that thought."

    Thank you, I was just considering what a lovely day it has turned out to be .. and then I had that concept injected through my eyeballs into my brain.

    1. phuzz Silver badge

      Re: [Upchuck noises]

      Ewwwww!

  11. Dark_Ronius

    Am I the only one appalled that an attack like WannaCry can happen to the NHS?

    I know a lot of organisations that back up their data onto tapes every night. Meanwhile, at home, if Wanna Cry attacked my computer I'd more than likely get a bit annoyed, stick linux in, wipe my hard drive and start a full re-install of Windows (and probably think "Well it could do with a refresh anyway").

    That this can apparently affect patient records and large swathes of the NHS is very troubling. I can understand GP surgeries, not bothering to back up regularly because they are relatively small (and overworked). Or not having the training for techie stuff, or waiting for tech support to refresh their system.

    OK in my case I owe my sense of security to Microsoft, Google and Mozilla. I can understand wanting to do things in house. But, if anything, their back up systems should be more efficient and cheaper. I'd have thought.

    The bottom line is I had a much needed Doctors appointment cancelled last week. And part of me feels like I should feel sorry for them and take part in the public anger against hackers. But another part of me feels annoyed I lost that appointment because someone didn't know how to do back-ups. And there seem to be a lot of those "someones" across the country.

    I feel like I could do a better job blindfolded at a time I struggle to find work.......

    1. Alister

      Re: Am I the only one appalled that an attack like WannaCry can happen to the NHS?

      The bottom line is I had a much needed Doctors appointment cancelled last week. And part of me feels like I should feel sorry for them and take part in the public anger against hackers. But another part of me feels annoyed I lost that appointment because someone didn't know how to do back-ups.

      I think you are making an unwarranted assumption. The actual number of systems affected by the ransomware was quite small, and most were simply shut down as a precaution, and to limit the spread of the infection, which was absolutely the right thing to do at the time.

      This was obviously a difficult decision, but in balancing the ability to honour appointments for a day against the likely impact of a ransomware infection, the answer is clear. There is no indication that GP surgeries do not have sufficient valid backups available.

    2. Anonymous Coward
      Anonymous Coward

      Re: Am I the only one appalled that an attack like WannaCry can happen to the NHS?

      " I can understand GP surgeries, not bothering to back up regularly because they are relatively small (and overworked). "

      Not all of them - the one my wife works at (only 3.5 doctors) takes a backup at the end of each day - and yes, the backup media is stored off site.

      1. Long John Brass
        FAIL

        Re: Am I the only one appalled that an attack like WannaCry can happen to the NHS?

        and yes, the backup media is stored off site.

        Yes; In the boot of a car, parked on a <shady> street. I have seen this done :(

        It didn't end well.

        1. JEDIDIAH
          Devil

          Re: Am I the only one appalled that an attack like WannaCry can happen to the NHS?

          >> and yes, the backup media is stored off site.

          > Yes; In the boot of a car, parked on a <shady> street. I have seen this done :(

          Yeah. On the other hand I've seen Iron Mountain destroy backups before. All you can really do is ensure that you've got more than one backup. Even the most robust DR plan using "reputable vendors" can run into problems.

    3. Anonymous Coward
      Anonymous Coward

      Re: Am I the only one appalled that an attack like WannaCry can happen to the NHS?

      Trusts have their own IT. GPs have GP Engineers or they did back in 2007. All GP sites have either links to the main netwokr or their own onsite server setup. Backups are done nightly, weekly and monthly all to tape. Tapes are kept either offsite or in another fire zone in the same building but in a fireproof safe.

      So no patient data would of been affected. Any machines affected would need taking away and wiping so of course services will get cancelled. Mainly because the government have underspent on IT in years. They'd love to outsource but haven't, lucky they didn't as the likes of Capita probably would of charged them for every PC they would of had to reimage.

    4. NotReal

      Re: Am I the only one appalled that an attack like WannaCry can happen to the NHS?

      Remember that the tool used to spread the malware originated from a "friendly" security agency (NSA) who's toys were stolen.

      So we have:

      * security flaw in OS

      * security service exploits this, stockpiles it and does not carry out responsible disclosure

      * security service gets hacked, hack tools stolen, still doesn't carry out responsible disclosure

      * Hacker's dump tools online

      * Software/OS vendors hastily provide patches for most flaws

      * NHS (and others) either fall to patch or are using unsupported OS versions (XP, Vista)

      * Random crim's choose ransomware as a payload for one of the leaked tools (an SMB worm) and release it into the wild, most likely expecting to hit a reasonable number of individual's PC's and get some coin.

      * Desktop machines in the NHS (and others) get widely affected, pull the plug to stop spread. Everyone checks their estates for patching etc. And begin wiping infected machines etc.

      * Servers (storing almost all sensitive data & having a far stricter patching and backup regimen) were not a primary target here and were not part of the reportedly affected machines.

      NSA faults:

      * policy of hoarding exploits

      * not securing those exploits

      * not carrying out responsible disclosure once they'd been raided

      * a question mark over whether the random crim's made the initial shower of the infection or the NSA had previously shower the infection and the crim's just pushed a payload of malware through the backdoor it created.

      Microsoft:

      * Although it was their flaw, they responded well with patches.

      * Win 10 (i.e. the up to date OS) still has question marks over privacy/dial home, so it's not yet a no-brainer for business or secure institutions like the NHS

      NHS/UK gov

      * Not upgrading OSes to supported versions

      * Not patching OSes

      * Using SMB/windows network drives where they may not be needed (allowing the worm to spread)

      * If there's a reliance on Windows, then kiosk mode, or having the desktop run in a VM on a different (independently patched) host OS (with VM backups) might have either protected the machines or sped up recovery respectively.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021