Line them up against a wall and shoot. No mercy for vermin who attack healthcare in particular.
Ransom gang claims attack on NHS Alder Hey Children's Hospital
Yet another of the UK's National Health Service (NHS) systems appears to be under attack, with a ransomware gang threatening to leak stolen data it says is from one of England's top children's hospitals. The attack on Liverpool's Alder Hey Children's Hospital and Liverpool Heart and Chest Hospital NHS Foundation Trust is …
COMMENTS
-
-
Friday 29th November 2024 13:38 GMT cyberdemon
Re: No mercy for vermin who attack healthcare
Tell that to the IDF..
By April, WHO had verified 906 attacks on healthcare in Gaza, the West Bank, Israel, and Lebanon.[5] As of June 2024, according to WHO, Israel has attacked 464 health care facilities, killed 727 health care workers, injured 933 health care workers, and damaged or destroyed 113 ambulances [6]
Not to mention the number of children's hospitals blown up by Mad Vlad
Not trying to minimise the ransom scum here obviously, but just pointing out the much larger scale scummery coming from Israel and Russia that everyone seems to want to forget about these days
Tbh i'd guess this latest cyber scummery is probably linked to the above, i.e. either coming from Russia in revenge for the UK's support for Ukraine, or from Iran in revenge for the UK's support for Israel
-
Friday 29th November 2024 14:29 GMT Martin Summers
Re: No mercy for vermin who attack healthcare
Completely agree with you. No doubt some of these places are being used as shields, but targeting them is not the answer. The innocent are never considered in matters of war or targeted attacks. It's easy to launch an attack from a far off place coldly and clinically and never see, understand or feel the hell unleashed.
-
Friday 29th November 2024 14:39 GMT Anonymous Coward
Re: No mercy for vermin who attack healthcare
"No doubt some of these places are being used as shields, but targeting them is not the answer".
Agreed - using civilians as a human shield is cowardly and despicable, but choosing to smash through that shield *anyway* to get at the people behind it is grotesque.
-
-
-
-
Friday 29th November 2024 16:09 GMT tip pc
Private networks
These systems should be interconnected via private networks, not generally available via the internet.
Remote access should be to hosted virtual desktops etc with strong security & limited access etc.
in my time in government all our sites where interconnected via frame relay then private mpls, Internet break out was via 2 main sites only via proxies etc.
Its still possible to get private mpls circuits and also hop across privately to the big databarns like aws/azure/gcp etc without making those systems directly addressable to the general internet.
its possible that the hospitals are connected privately and the miscreants came in over the internet & exfiltrated / caused their mayhem that way but less likely especially if good internet access controls are used.
its time a government security department ensured high standards of security for these systems & could swoop in to take control when things like this happen.
i guess there is this
https://www.npsa.gov.uk
https://www.security.gov.uk/policy-and-guidance/secure-by-design/principles/
& the good practice guide in what ever form its in now.
-
Friday 29th November 2024 16:14 GMT S4qFBxkFFg
We need a law against ransom payments (or more generally, paying anyone known to be committing serious crime), one which doesn't have any loopholes for the various "consultants" who take advantage of the victims.
There would need to be rewards for whistleblowers too. The idea would be to make it impossible for any organisation, private or public, to make a substantial ransom payment without the risk that (for example) a low-level finance employee will notice something funny and report it for the reward.
-
-
Monday 2nd December 2024 13:56 GMT wolfetone
I agree with all of this.
But what are we doing as a country and not treating our healthcare IT the same as we treat our infrastructure? I want that question answered. We've had too many healthcare facilities like this being attacked and nothing has been done. They ought to be treated the same as everything else we consider to be critical.
-
-
Friday 29th November 2024 19:15 GMT Sub 20 Pilot
Find these cunts.
Spend the money that would be handed over to them in doing so.
Nail them to a tree and burn the fuckers.
Film it and put it out there as a warning to others.
There is a lot of bad in the world and a lot of good.
Evil cunts that target a childrens hospital is about the lowest you can get.
I do hope the bastards have a slow painful death whenever it happens.
-
Monday 2nd December 2024 12:51 GMT JT_3K
I reserve that word for special use cases. In this case it's justified.
Children's. Hospital.
Remember that "data" in hospital breaches often includes pictures of vulnerable people in their most challenged moments that are needed for medical reasons but otherwise shouldn't be shared. Cancer hospitals and pictures of mastectomy come to mind.
Children's. Hospital.
Nope.
-
Monday 2nd December 2024 08:20 GMT Anonymous Coward
I've said it before and I'll say it again, while these people need a fucking slap, those that are clicking on random links also need to understand they are part of the problem and have their share of the blame meted out to them in the form of disciplinary action. Until people learn good IT hygiene we will continue to see these sorts of issues.
If I caused this sort of issue in my organisation I'd be sacked. Anyone else should expect the same.
-
Monday 2nd December 2024 12:53 GMT Victor Ludorum
The problem is...
Until people learn good IT hygiene...
When you have staff that are exhausted, over-worked and under-resourced with Windows 7 machines in front of them, this will continue to happen.
Especially when the general attitude is 'the IT department are supposed to stop these sorts of things from happening, so it's their fault, not mine'...
I seem to recall some of the original ransomware criminals promised not to touch healthcare systems, but that seems to be ignored more and more now...
Personally, I think anyone attacking healthcare systems should be strung up by the unmentionables and left to rot.
Anyone attacking childrens healthcare systems I have no words for. Lower than low.
-
-
Monday 2nd December 2024 17:04 GMT keithpeter
Just wondering what the advantage to the attackers is?
Have they not realised that ransom is unlikely to be paid, and are they aware of the consequences of their identity being discovered?
One imagines that they might get more dosh from some tax-dodging mega-corp that was engaged in large scale exploitation somewhere.
Oh, and given this involves possible damage to local children and their families in Liverpool I would definitely avoid any travel to the city if names known.