back to article INC Ransom claims responsibility for attack on NHS Scotland

NHS Scotland says it managed to contain a ransomware group's malware to a regional branch, preventing the spread of infection across the entire institution. The INC Ransom group this week claimed responsibility for the assault on 'NHS Scotland', saying it stole 3TB worth of data while leaking a small number of sensitive files …

  1. rmbaxter67

    Crime... or something else?

    Last time I looked, attacking a hospital isn't just a crime, it's a war crime. This looks like an act of war to me, meaning its perps aren't criminals but enemies of the state. For me, that requires a different kind of response.

    1. Anonymous Coward
      Anonymous Coward

      Re: Crime... or something else?

      Someone should tell the Israelis that then.....

    2. Jamie Jones Silver badge

      Re: Crime... or something else?

      A slow, painful, torturous, public death.

    3. Ian Johnston Silver badge

      Re: Crime... or something else?

      War crimes can only, by definition, be committed during war - including civil war. With whom is NHS Dumfries and Galloway in a state of armed conflict?

      1. Rob Daglish

        Re: Crime... or something else?

        Have you met the Scots? They’re pretty much in a state of armed conflict most of the time, with anyone within arms reach… Don’t forget this is the nation that gave us the bagpipes!

    4. Mandoscottie
      Facepalm

      Re: Crime... or something else?

      or allowing NHS to run EOL systems years after they should be decommed, sorry but you reap what you sow NHS.

      easy to blame hackers, instead of the irresponsible decision makers tasked with looking after said patient data as duty of care who have let this be accessible due to old legacy poop.

  2. MJI Silver badge

    Use as organ donors

    Only good use for them

  3. Tron Silver badge

    Design badly, lose data.

    Keep your data on an intranet on systems that have no connection to the public internet. Two systems per desk if you need them. Reduce web interactivity to the point where stuff submitted appears on one screen and a human being manually types it in to a different intranet-connected system. Design out the threat, because code is so complex now and resources are so thin, a system connected directly to the net can never be secure enough. They may trash the internet-facing system and scoop a thin slice of ephemerally-held data, but no more.

    1. Anonymous Coward
      Anonymous Coward

      Re: Design badly, lose data.

      Yeah, but every penny has to be spent on patients. Sod the employees or the technology. No one is going to approve buying something intangible such as software licences.

      As the cunt who used to restore from backup at a certain Scottish NHS board, I can tell you there was a ransomware outbreak every week.

      Some old dear clicks on Invoice.pdf.EXE and the whole file server is fucked AGAIN.

  4. Anonymous Coward
    Anonymous Coward

    It's about time the IT professionals involved all understand that when you detect a cyber attack its already too late, assume they've been in for weeks and have all your data.

    Optimism has no place in cybersecurity.

  5. Anonymous Coward
    Anonymous Coward

    Ransom attacks and associated gangs should be defined as terrorism and terrorist organisations

    It's not and won't be taken seriously until then. There's whole different methods used against terrorist activities that even the worst of usual illegal activities. Particularly with regards the latest targets are critical infrastructure, associated organisations some state owned and healthcare.

    1. Ian Johnston Silver badge

      Re: Ransom attacks and associated gangs should be defined as terrorism and terrorist organisations

      All that does is devalue the useful term "terrorist", much the same as attempting to redefine disagreement as "hate" only devalues the word hate.

      Ransoms gangs are not trying to terrify people. They are not terrorists.

      1. katrinab Silver badge
        Megaphone

        Re: Ransom attacks and associated gangs should be defined as terrorism and terrorist organisations

        They most definitely do try to terrify people.

        What makes it not "terrorism" under existing law is that they don't appear to be doing it for political reasons - the ransom is for money rather than for the government to do or not do some thing.

  6. Anonymous Coward
    Anonymous Coward

    Of course, if their data services were metered, they might have noticed the data being dumped over the network...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like