Ransomware attack at New York blood services provider – donors turned away during shortage crisis

New York Blood Center Enterprises (NYBCe) is currently in its fifth day of handling a ransomware attack that has led to system disruption. Limited information is known at present, other than the usual boilerplate details which readers have come to expect from ransomware incident disclosures.  The breach was detected on …

  1. Throatwarbler Mangrove Silver badge
    Flame

    Cybercrime?

    Fuck that shit. This is cyberterrorism, regardless of whether a ransom was demanded. It's a real goddamn shame that the grim cyberpunk future of being able to kill hackers with Black ICE has not come to fruition. Of course, a blood bank probably wouldn't have it, but one can dream.

    1. Throatwarbler Mangrove Silver badge
      Angel

      Re: Cybercrime?

      Having posted the above, it's now clear to me that the only fitting judgement would be using the perpetrators as perpetual bloodbags. Make them contribute blood for the rest of their lives to make up for the losses they've caused.

  2. An_Old_Dog Silver badge

    Dancing on the Railway Tracks

    While I don't disagree with those excoriating the perpetrator(s), I don't think those posters have looked at the situation carefully enough.

    Punishment is due to the executives, and everyone who agreed with those execs, to make a critical-health system completely dependent upon an over-arching, single-point-of-failure organisation or other thing.

    I can hear the voices now: "But ... but those malware scum ..."

    If you dance upon the railway tracks long enough, you will eventually be struck.

  3. RedGreen925

    "According to one study Microsoft cited"

    Got any studies on why your useless f'n OS is ever installed by these organizations. With them clearly knowing your history of producing exploitable garbage for well over forty years.

  4. Sceptic Tank Silver badge
    Trollface

    Effing leeches

    "Limited information is known at present" ... that's what happens if your stuff is encrypted.

    This must be a profitable business. I don't often hear of anybody getting prosecuted.

  5. EricB123 Silver badge

    Seriously?

    If I hear a corporate spokesperson say "we take security very seriously" just one more time, I'm going postal.

  6. ChrisElvidge Silver badge

    The question to be asked of all

    If your IT systems fail, can you still do your job? If not, why not?

    Do we really *require* IT to take and distribute blood products? It was managed before computers became ubiquitous.

    1. rcxb Silver badge

      Re: The question to be asked of all

      If your IT systems fail, can you still do your job? If not, why not?

      We're dealing with life-critical medical equipment, not milk. You need to meticulously track who donated the blood, from where and when, that it passed several tests, certify it has been kept in proper conditions, when it will expire, etc. The first person who dies from some pathogen in donated blood will eliminate any benefit to falling back to your stone-aged paper tracking systems (which surely don't meet modern safety standards and medical professions will scoff at taking any part of).

      Do we really *require* IT to take and distribute blood products? It was managed before computers became ubiquitous.

      Are you really suggesting that the pervasive computerization of the business world over the past century is just a multi-trillion dollar waste, and that computerized automation really isn't a labour-saving device after all?

      Or are you suggesting organizations can just spin up dozens of secretaries, call center operators, human computers, mailroom clerks, pneumatic tube mail systems, etc. to replace all their integrated IT systems?

      1. An_Old_Dog Silver badge
        FAIL

        Re: The question to be asked of all

        How about a fuckin' fallback plan that isn't just throwing hands in the air and saying, "We give up! It's all in the computer and we can't get it out! Business continuity plans are too hard, so we didn't make a serious one."

      2. An_Old_Dog Silver badge
        FAIL

        Re: The question to be asked of all

        @rcxb:

        Are you really suggesting that the pervasive computerization of the business world over the past century is just a multi-trillion dollar waste, and that computerized automation really isn't a labour-saving device after all?

        In far too many cases, yes, pervasive computerisation has been a multi-trillion pound waste, and has been/still is a waste of labour. The labour savings from computerisation are frequently, greatly-more-than-cancelled by the labour expense of having to debug computer problems, to listen to Muzak while on hold for manufacturer's 'tech support', to have to try to communicate with someone having a very thick accent, over a super-crappy VOIP connection to a foreign call center, and of thousands of employees simply having to contort their personal workflows in a time/labour-wasting fashion, around the use of badly-designed, badly-implemented, corporate/government-mandated systems.

        Or are you suggesting organizations can just spin up dozens of secretaries, call center operators, human computers, mailroom clerks, pneumatic tube mail systems, etc. to replace all their integrated IT systems?

        If all those things have to be "spun up", then that business continuity plan has already failed. I've seen a major-chain retailer continue to do business, without mains power, out of a multi-thousand-square-foot store, using battery-powered printing calculators (which they borrowed out of their electronics departmental stocks), and I've seen a hole-in-the-wall, mom-and-pop convenience store closed down because their electronic point-of-sale quit working.

        1. pomegranate

          Re: The question to be asked of all

          Thanks for the back-and-forth. The idea of writing down all the info mentioned on a piece of paper seems doable, with some thought and practice runs.

          I wonder if blood banks have become measurably safer, or have laid off many workers, as a result of computer integration, or whether it’s just a matter of mandates?

          Only a manager who’s tried preparing a ransomware backup plan could know.

  7. EnviableOne

    Business continuity

    Where is their BC plan? No one should be stopped from doing business by the loss of access to infrastructure.

    There should be contingencies, paper forms, cloud-based systems and alternate locations available.

    This should be sufficient to carry on any business for 3-4 days in the event of an attack.

    Then there should be a good enough DR plan that systems can be restored or rebuilt within that window and records updated from the temporary systems.

    1. ecofeco Silver badge
      Pirate

      Re: Business continuity

      Hey, those yachts don't pay for themselves, you know!
