New Zealand hospitals infected by ransomware, cancel some surgeries

New Zealand's Waikato District Health Board (DHB) has been hit with a strain of ransomware that took down most IT services Tuesday morning and drastically reduced services at six of its affiliate hospitals. The attack disabled all IT services except email. Patient notes became inaccessible, clinical services were disrupted, …

  1. Jamesit

    A possible solution is a separate system for email that has no access to the important office network. I don't think that would be too hard to set up.

    1. Yes Me Silver badge
      FAIL

      I prescribe a scan

      Banks have switched to in-house "secure messaging". That's hard to do for a health board (in any country, not just NZ) because getting every citizen set up with a trustworthy access mechanism would be a logistical nightmare.

      But you'd think they could virus-scan all incoming attachments.

  2. Anonymous Coward

    Or as we spell it

    Honour

  3. Anonymous Coward

    I saw this when doing support for a Car Manufacturer

    Users were TOLD not to open attachments, clear and simple, so one user opened one and encrypted not only his data but also data on network shares. There was an imaginary line of Techies who wanted to give him a slap. So it was down to us to restore the Backups and retrieve the Tapes.

    1. werdsmith Silver badge

      Re: I saw this when doing support for a Car Manufacturer

      Techies should have stripped attachments and held them in quarantine.

      With a message embedded in the mail about how to go about getting the attachment out through the vetting.
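
A minimal sketch of the strip-and-quarantine approach described in the comment above, added here as an example and not code from the thread or from any particular mail product. The in-memory `store`, the notice wording and the release process are assumptions, and the sample message is constructed.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage

# Hypothetical notice wording; the release process is an assumption.
NOTICE = (
    "Attachment removed and held in quarantine.\n"
    "Name: {name}\n"
    "Size: {size} bytes\n"
    "Release reference (SHA-256):\n{ref}\n"
    "Quote the reference to IT to have the file vetted and released.\n"
)

# Constructed sample payload, not a real archive.
SAMPLE_PAYLOAD = b"constructed sample bytes standing in for an archive"


def quarantine_attachments(raw: bytes, store: dict) -> bytes:
    """Move each leaf part that is an attachment (or carries a filename)
    into `store`, keyed by SHA-256, and put a plain-text notice in its place."""
    msg = message_from_bytes(raw, policy=policy.default)
    for part in list(msg.walk()):
        if part.is_multipart():
            continue  # containers are kept; only their leaves are inspected
        if not (part.is_attachment() or part.get_filename()):
            continue  # ordinary body part, left untouched
        name = part.get_filename() or "unnamed"
        data = part.get_payload(decode=True) or b""
        ref = hashlib.sha256(data).hexdigest()
        store[ref] = (name, data)
        # set_content() clears the old payload and Content-* headers first.
        part.set_content(NOTICE.format(name=name, size=len(data), ref=ref),
                         disposition="inline")
    return msg.as_bytes()


def build_sample() -> bytes:
    """Constructed message: a text body plus one binary attachment."""
    msg = EmailMessage()
    msg["From"] = "sales@example.com"
    msg["To"] = "orders@example.org"
    msg["Subject"] = "Urgent new purchase order"
    msg.set_content("Please see the attached order.\n")
    msg.add_attachment(SAMPLE_PAYLOAD, maintype="application",
                       subtype="octet-stream",
                       filename="urgent_new_purchase_order.z")
    return msg.as_bytes()


if __name__ == "__main__":
    held = {}
    print(quarantine_attachments(build_sample(), held).decode())
```
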

      1. hoola Silver badge

        Re: I saw this when doing support for a Car Manufacturer

        Easily said but when there is so much garbage buried in html in the simplest email it is difficult. So many things are sent out as attachments, usually by automated systems this is a total nightmare. Why does our SAP system have to send you a PDF copy of a document attached to a blank email? The contents of the PDF could very easily be in the body of the email as it is just telling you something has been done.

        IT itself is the cause of much of the issues in the way that endless eye candy is more important than security or function. You can blame the users as much as you want and yes, stupidity or carelessness is part of the problem but we have known this for years but very little appears to be done to reduce the need to click on links and attachments. That is not the fault of the users.

  4. Potemkine! Silver badge

    It seems that email phishing is the main reason for successful ransomware attacks, doesn't it?

    There are many technical answers at different levels (firewall, mail server, client) to mitigate, but the most efficient one is user education. And by education I mean repeat the information again and again.

    1. Pascal Monett Silver badge

      Totally agree.

      Unfortunately, we're talking hospital here. Nurses have other things to do than follow security seminars on email handling. Especially when governments are notorious for cutting down on healthcare spending.

      Hospital personnel have been overworked for years, it's not new.

      I don't know what the solution is, but to me it should be before the email reaches the inbox. Maybe have a system that scans email contents, quarantines anything with a link for further analysis, then checks all links for acceptability before depositing them at their destination.

      The point is hospitals need better email scanning because the personnel doesn't have the time to think about it. It's the email filter that needs to up its game.

      1. Potemkine! Silver badge

        Estimations say that automatic systems can avoid 1/3 of the incidents. Avoiding the other ones is users' job. They are the first line of defence.

        Even if they think they have other things to do than mastering their IT tools, they are wrong. It's now part of everybody's job as long as you have to deal with a computer. If you disagree, then don't approach those boxes, they can be nefarious.

        If the personnel hasn't the time to think about cybersecurity and basic precautions, then these attacks will succeed again and again. It learned to use medical devices to avoid accidents, it has to do the same with computers if those are now part of the medical chain.

      2. Anonymous Coward

        Downvoted not because I disagree with your sentiment, but because it is completely unworkable. The only way to really stop this is to terminate the people doing it with extreme prejudice. It's not like they are targeting soldiers in some phoney cyberwar, they are holding knives to the throats of babies, old people and everyone else. Doing anything else just means they will become ever more devious and it will get harder and harder for genuine links to get through.

  5. Pascal Monett Silver badge

    "The attack disabled all IT services except email"

    Ain't that a shame. It took everything down except for the vector it used to get in.

    Irony, anyone?

  6. Version 1.0 Silver badge

    Local malware weather report

    Here in Louisiana we've just had 10 inches of rain on Monday night and once the water level dropped I went into work - malware deliveries on Monday were up about 300% - we've been getting them for years so I block a lot of attachments at the mail server and run multiple virus checks, deleting viruses and quarantining attachments like "urgent_new_purchase_order.z" - the quarantine queue was stuffed. This is always related to the weather reports.

    I believe that the malware delivery service monitors events worldwide and pushes up the deliveries whenever it's likely that there's going to be confusion or people are busy e.g. "Mari and John can't get in this morning, can you quit making coffee and check the sales emails please". 10 inches of rain is unusual (except during a hurricane) but malware is not - this happens continuously.

    1. Anonymous Coward

      Re: Local malware weather report

      Sounds like they are reading your company's Email regularly. I'd be checking what IPs are accessing Email systems, and ensure 2FA is in use for email access.

      1. Version 1.0 Silver badge

        Re: Local malware weather report

        It's certainly a risk but it's unlikely, we monitor all access and block all login attempts that are not from specific locations - we log all attempts and only see a hundred fake attempts an hour most days but they increase too after we get weather. Two login failures result in the IP going into a hole for a few hours.

        I've been seeing this for years now, we're prepared for a potential malware infection but so far (touch wood) we've been clean. While 2FA works, it can be a risk so it's not a cure.

    2. werdsmith Silver badge

      Re: Local malware weather report

      Here in Louisiana we've just had 10 inches of rain on Monday night

      10 inches in a day! Whoah. Rainy UK gets on average about 2.5 inches for the whole of May. I suspect 2021 will be above average though. Makes the grass grow and feeds the horses.

      I hope I can one day get back to New Orleans. Sorry about the subject deviation.

  7. Bitsminer Silver badge

    detach attachments?

    Why would a nurse, for example, need to access attachments?

    Making attachments a privilege not a right might be one way to go.

    Now, as to the accounts payable department, who have to receive invoices, and write cheques to match, perhaps something less obv like an air-gapped reader would work (seriously; former $WORK had a secure network with zero web access; to Google for solutions you had to use a second PC and manually type in what you saw into the secure screen.) Doubtless they have to manually type in invoice data to a spreadsheet anyways.....

    1. Dagg Silver badge

      Re: detach attachments?

      You are making an assumption that it was a nurse...

      Could be a Doctor, cleaner, admin person. It could have been a MANAGER! Some of those are the worst, they are an excellent example of the Peter principle!

      Remember "Those who can do, those who can't teach and those who have no bloody idea manage."

  8. Andrew Williams

    I have always wondered why so many people need external email. Same with external/internet access.

    1. TheMeerkat

      Imagine today’s average young software developer? Without ability to Google they will just break down and cry.

      The same is probably true about young doctors...

      1. werdsmith Silver badge

        You don't need google if you can memorise a URL for stack.

    2. Yes Me Silver badge

      why so many people need external email

      external = patients

    3. EnviableOne

      well, Matt Hancock took their fax machines .....

  9. jezza99

    It really is time that these ransomware outfits are treated like the terrorists they are.

  10. hoola Silver badge

    This is now becoming so much of a problem are we not getting to the point where:

    Internet accessible systems are adding no value, whether it is inbound or outbound

    Availability of information is more important than security

    I would have thought we are reaching the point where hard splits of networks and systems are required to protect everyone. The attackers and their attacks are more frequent and increasingly targeting core infrastructure such as utilities and healthcare.

    It may be inconvenient but surely there needs to be some critical assessment of what happens when we are hit and what is the impact. If we mitigate the risk of ransomware by making the systems not so convenient to use it may piss some people off but at least the data is not encrypted or stolen and being held to ransom.

    In the old days of traditional terrorism, people would threaten to blow something up after a warning or just blow it up to create as much disruption as possible. Significant resources were used to tackle this however with these sorts of crimes there appears to be a lot of talk and not much doing. It is as though because it is not a physical event too many are incapable of understanding that the outcome of these attacks is not very different from a bomb, you just cannot see it.

    Out of sight, out of mind appears to be the approach with various agencies spouting waffle but no real evidence of any tangible benefits.
