back to article New Zealand hospitals infected by ransomware, cancel some surgeries

New Zealand's Waikato District Health Board (DHB) has been hit with a strain of ransomware that took down most IT services Tuesday morning and drastically reduced services at six of its affiliate hospitals. The attack disabled all IT services except email. Patient notes became inaccessible, clinical services were disrupted, …

  1. Jamesit

    A possible solution is a separate system for email that has no access to the important office network, I don't think that would be too hard to setup.

    1. Yes Me Silver badge
      FAIL

      I prescribe a scan

      Banks have switched to in-house "secure messaging". That's hard to do for a health board (in any country, not just NZ) because getting every citizen set up with a trustworthy access mechanism would be a logistical nightmare.

      But you'd think they could virus-scan all incoming attachments.

  2. Anonymous Coward
    Anonymous Coward

    Or as we spell it

    Honour

  3. Anonymous Coward
    Anonymous Coward

    I saw this when doing support for a Car Manufacturer

    Users where TOLD not to open attachments, clear and simple so one user opened one and encrypted not only his data but also data on network shares. There was an imaginary line of Techies who wanted to give him a slap. So it was down to us to restore the Backups and retrieve the Tapes.

    1. werdsmith Silver badge

      Re: I saw this when doing support for a Car Manufacturer

      Techies should have stripped attachments and held them in quarantine.

      With a message embedded in the mail about how to go about getting the attachment out through the vetting.

      1. hoola Silver badge

        Re: I saw this when doing support for a Car Manufacturer

        Easily said but when there is so much garbage buried in html in the simplest email it is difficult. So many things are sent out as attachments, usually by automated systems this is a total nightmare. Why does our SAP system have to send you a PDF copy of a document attached to a blank email? The contents of the PDF could very easily be in the body of the email as it is just telling you something has been done.

        IT itself is the cause of much of the issues in the way that endless eye candy is more important than security or function. You can blame the users as much as you want and yes, stupidity or carelessness is part of the problem but we have known this for years but very little appears to be done to reduce the need to click on links and attachments. That is not the the fault of the users.

  4. Potemkine! Silver badge

    It seems that email phishing is the main reason for successful ransomware attacks, doesn't it?

    There are many technical answers at different levels (firewall, mail server, client) to mitigate, but the most efficient one is users education. And by education I mean repeat the information again and again.

    1. Pascal Monett Silver badge

      Totally agree.

      Unfortunately, we're talking hospital here. Nurses have other things to do than follow security seminars on email handling. Especially when governments are notorious for cutting down on healthcare spending.

      Hospital personnel have been overworked for years, it's not new.

      I don't know what the solution is, but to me it should be before the email reaches the inbox. Maybe have a system that scans email contents, quarantines anything with a link for further analysis, then checks all links for acceptability before depositing them at their destination.

      The point is hospitals need better email scanning because the personnel doesn't have the time to think about it. It's the email filter that needs to up its game.

      1. Potemkine! Silver badge

        Estimations say that automatic systems can avoid 1/3 of the incidents. Avoiding the other ones is users' job. They are the first line of defence.

        Even if they think they have other things to do than mastering their IT tools, they are wrong. It's now part of everybody's job as long as you have to deal with a computer. If you disagree, then don't approach those boxes, they can be nefarious.

        If the personnel hasn't the time to think about cybersecurity and basic precautions, then these attacks will succeed again and again. It learned to use medical devices to avoid accidents, it has to do the same with computers if those are now part of the medical chain.

      2. Anonymous Coward
        Anonymous Coward

        Downvoted not because I disagree with your sentiment, but because it is completely unworkable. The only way to really stop this is to terminate the people doing it with extreme prejudice. It's not like they are targeting soldiers in some phoney cyberwar, they are holding knives to the throats of babies, old people and everyone else. Doing anything else just means they will become ever more devious and it will get harder and harder for genuine links to get through.

  5. Pascal Monett Silver badge

    "The attack disabled all IT services except email"

    Ain't that a shame. It took everything down except for the vector it used to get in.

    Irony, anyone ?

  6. Version 1.0 Silver badge

    Local malware weather report

    Here in Louisiana we're just had 10 inches of rain on Monday night and once the water level dropped I went into work - malware delivery's on Monday were up about 300% - we've been getting them for years so I block a lot of attachments at the mail server and run multiple virus checks, deleting viruses and quarantining attachments like "urgent_new_purchase_order.z" - the quarantine queue was stuffed. This is always related to the weather reports.

    I believe that the malware delivery service monitors events worldwide and pushes up the delivery's whenever it's likely that there's going to be confusion or people are busy e.g. "Mari and John can't get in this morning, can you quit making coffee and check the sales emails please". 10 inches of rain is unusual (except during a hurricane) but malware is not - this happens continuously.

    1. Anonymous Coward
      Anonymous Coward

      Re: Local malware weather report

      Sounds like they are reading your companies Email regularly. I'd be checking what IPs are accessing Email systems, and insure 2FA is in use for email access.

      1. Version 1.0 Silver badge

        Re: Local malware weather report

        It's certainly a risk but it's unlikely, we monitor all access and block all login attempts that are not from specific locations - we log all attempts and only see a hundred fake attempts an hour most days but they increase too after we get weather. Two login failures result in the IP going into a hole for a few hours.

        I've been seeing this for years now, we're prepared for a potential malware infection but so far (touch wood) we've been clean. While 2FA works, it can be a risk so it's not a cure.

    2. werdsmith Silver badge

      Re: Local malware weather report

      Here in Louisiana we're just had 10 inches of rain on Monday night

      10 inches in a day! Whoah. Rainy UK gets on average about 2.5 inches for the whole of May.I suspect 2021 will be above average though. Makes the grass grow and feeds the horses.

      I hope I can one day get back to New Orleans. Sorry about the subject deviation.

  7. Bitsminer Silver badge

    detach attachments?

    Why would a nurse, for example, need to access attachments?

    Making attachments a privilege not a right might be one way to go.

    Now, as to the accounts payable department, who have to receive invoices, and write cheques to match, perhaps something less obv like an air-gapped reader would work (seriously; former $WORK had a secure network with zero web access; to Google for solutions you had to use a second PC and manually type in what you saw into the secure screen.) Doubtless they have to manually type in invoice data to a spreadsheet anyways.....

    1. Dagg

      Re: detach attachments?

      You are making an assumption that is was a nurse...

      Could be a Doctor, cleaner, admin person. It could have been a MANAGER! Some of those are the the worst, they are an excellent example of the peter principle!

      Remember "Those who can do, those who can't teach and those who have no bloody idea manage."

  8. Andrew Williams

    I have always wondered why so many people need external email. Same with external/internet access.

    1. TheMeerkat Bronze badge

      Imagine today’s average young software developer? Without ability to Google they will just break down and cry.

      The same is probably true about young doctors...

      1. werdsmith Silver badge

        You don't need google if you can memorise a URL for stack.

    2. Yes Me Silver badge

      why so many people need external email

      external = patients

    3. EnviableOne Silver badge

      well, Matt Hancock took their fax machines .....

  9. jezza99

    It really is time that these ransomware outfits are treated like the terrorists they are.

  10. hoola Silver badge

    This is now becoming so much of a problem are we not getting to the point were:

    Internet accessible systems are adding no value, whether it is inbound or outbound

    Availability of information is more important than security

    I would have thought we are reaching the point where hard splits of networks and systems are required to protect everyone. The attackers and their attacks are more frequent and increasingly targeting core infrastructure such as utilities and healthcare.

    It maybe inconvenient but surely there needs to be some critical assessment of what happens when we are hit and what is the impact. If we mitigate the risk of ransomware by making the systems not so convenient to use it may piss some people off but at least the data is not encrypted or stolen and being held to ransom.

    In the old days of traditional terrorism, people would threaten to blow something up after a warning or just blow it up to create as much disruption as possible. Significant resources were used to tackle this however with these sorts of crimes there appears to be a lot of talk and not much doing. It is as though because it is not a physical event too many are incapable of understanding that the outcome of these attacks is not very different from a bomb, you just cannot see it.

    Out of sight, out of mind appears to be the approach with various agencies spouting waffle but no real evidence of any tangible benefits.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like

Biting the hand that feeds IT © 1998–2022