How Ransomware Puts Your Hospital At Risk (deccanherald.com) 35
nickwinlund77 quotes a New York Times opinion piece:
In March, several cybercrime groups rushed to reassure people that they wouldn't target hospitals and other health care facilities during the Covid-19 pandemic. The operators of several prominent strains of ransomware all announced they would not target hospitals, and some of them even promised to decrypt the data of health care organizations for free if one was accidentally infected by their malware. But any cybersecurity strategy that relies on the moral compunctions of criminals is doomed to fail, particularly when it comes to protecting the notoriously vulnerable computer systems of hospitals.
So it's no surprise that Universal Health Services was hit by ransomware late last month, affecting many of its more than 400 health care facilities across the United States and Britain. Or that clinical trials for a Covid-19 vaccine have been held up by a similar ransomware attack disclosed in early October. Or that loose-knit coalitions of volunteers all over the world are working around the clock to try to protect the computer systems of hospitals that are already straining under the demands of providing patient care during a global pandemic.
In the midst of the Covid-19 pandemic, the potential consequences of these cyberattacks are terrifying. Hospitals that have lost access to their databases or had their networks infected by ransomware may not be able to admit patients in need of care or may take longer to provide those patients with the treatment they need, if they switch to relying on paper records...
Every hospital and clinic should be re-evaluating their computer networks right now and ramping up the protections they have in place to prevent their services from being interrupted by malware or their sensitive patient data from being stolen.
Lay off the clickbaity headlines. (Score:2)
Re: (Score:2)
No problem. Can we assume that when you catch C-19, or get hit by a hit-and-run car, or come down with STDs, that you'll treat them at home, and not go to an ER, either?
Windows puts your hospital at risk (Score:1, Troll)
Running Microsoft Windows in a hospital? Then you are criminally negligent.
Re: (Score:3)
That's a Windows application.
Want it changed? Convince Toshiba to build a Not-Windows interface.
If there is little or no alternative, "criminally negligent" is not relevant.
Re: (Score:2)
It feels to me like this is just a filesystem issue, that an automatic snapshotting filesystem could entirely defang most ransomware attacks. Just need to make the ability to delete snapshots require privileged access; then, the worst thing a ransomware programme can do without privileged access is fill up your filesystem.
Then you've made it so that to carry out a ransomware attack they need either root access or a way to trick people into deleting their valid snapshots - both vectors which proper interface
Re: (Score:2)
I think some ransomware is able to attack and encrypt the raw disk volumes. Effectively your current filesystem and all snapshots are buried at the same time. If it is the kind of ransomware that goes after specific files in the filesystem (like a SQL database) then a frequent-snapshot file system (like ZFS) could be effective against that.
The only thing that I ever implemented that felt really secure to me is to have a remote system log into the target system and back up each snapshot as quickly as
Re: (Score:2)
That's how I did it in a small organisation, and retained snapshots as long as possible. But a bigger organisation will have more bean counters and then there's more quality compromises... and worse cyber compromises.
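The pull-style snapshot backup described in the comments above, sketched for ZFS as an added example (not code from any commenter); the host, user and dataset names are hypothetical.

```shell
#!/bin/sh
# Added example: pull-style ZFS replication, run ON THE BACKUP HOST.
# The source never holds credentials for the vault. The login used on the source
# is delegated send only (no destroy, no rollback), set once by root there:
#   zfs allow -u puller send tank/records
SRC_HOST="${SRC_HOST:-puller@emr-db.example}"  # hypothetical source login
SRC_DS="${SRC_DS:-tank/records}"               # hypothetical source dataset
DST_DS="${DST_DS:-vault/records}"              # hypothetical vault dataset

# Snapshot short names (the part after @), oldest first.
snaps_remote() {
    ssh -n "$SRC_HOST" zfs list -H -t snapshot -o name -s creation -d 1 "$SRC_DS" |
        sed 's/.*@//'
}
snaps_local() {
    zfs list -H -t snapshot -o name -s creation -d 1 "$DST_DS" | sed 's/.*@//'
}

# plan_pull SRC_LIST DST_LIST: print "base snap" for every source snapshot newer
# than the newest one both sides hold. base "-" means no shared history.
plan_pull() {
    base="-"; plan=""
    for s in $1; do
        if printf '%s\n' $2 | grep -qxF -- "$s"; then
            base="$s"; plan=""        # shared snapshot: plan restarts from here
        else
            plan="$plan$base $s
"
            base="$s"                 # once received, it is the next base
        fi
    done
    printf '%s' "$plan"
}

# pull_all: run the plan. receive has no -F, so a source whose history was
# wiped cannot overwrite or roll back what the vault already holds.
pull_all() {
    plan_pull "$(snaps_remote)" "$(snaps_local)" | while read -r base snap; do
        if [ "$base" = "-" ]; then
            ssh -n "$SRC_HOST" zfs send "$SRC_DS@$snap"
        else
            ssh -n "$SRC_HOST" zfs send -i "@$base" "$SRC_DS@$snap"
        fi | zfs receive -u "$DST_DS"
    done
}
```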
Re: (Score:2)
Is it that the ransomware has privileged access, or is it that accessing raw disk volumes doesn't require privileged access?
Re: (Score:2)
In almost any system I am aware of, accessing raw disk volumes requires superuser privilege. You could do so through a /dev special file (like /dev/sd1) or you could actually insert a kernel module that hooks into the block drivers and interfere there. If the ransomware is able to do that you are pretty much screwed unless you have a clean backup.
If the ransomware doesn't have privileged access, then it has to be limited to going after files that it does have access for. That can be bad enough, but y
Re: (Score:2)
Years ago they used to be SGI boxes.
Re:Windows puts your hospital at risk (Score:4, Insightful)
Re: (Score:1)
So? Run that crap under a VM if you have to. But don't go jeopardizing the entire rest of the network infrastructure just because a few apps are still stuck on Windows for the moment.
You just said more about a badly designed network than anything about bad apps or OSs
Re: (Score:2)
So? Run that crap under a VM if you have to. But don't go jeopardizing the entire rest of the network infrastructure just because a few apps are still stuck on Windows for the moment.
You just said more about a badly designed network than anything about bad apps or OSs
You just said more about somebody whose understanding of OSes and networks is insufficient to be allowed to touch any critical system than Microsoft Windows's talent for wasting resources, getting infected and losing data to malware.
Re: (Score:1)
But don't go jeopardizing the entire rest of the network infrastructure just because a few apps are still stuck on Windows
This article, and all others on the same subject, have always addressed this.
"a few apps" here is 100% of the software they need. Without that, there is exactly NO reason to have computers at all.
And once again, the one and only alternative to not using computerized hospital management is to run at the far far slower speed of operation hospitals used to run at without computers.
In the midst of the Covid-19 pandemic, the potential consequences of these cyberattacks are terrifying. Hospitals that have lost access to their databases or had their networks infected by ransomware may not be able to admit patients in need of care or may take longer to provide those patients with the treatment they need, if they switch to relying on paper records...
When your lungs shut down and you're gasping for breath, seconds away from suffocating and drowning in your own body fluids, the E
Re: (Score:2)
Re:Windows puts your hospital at risk (Score:4, Insightful)
The problem isn't Microsoft Windows.
It is admins that grant full access to everything for themselves and do all their work, email reading, and web surfing while logged on with their admin account. ... the management that lets them get away with it.
It is admins who grant full access to people across multiple resources rather than take the trouble to identify and configure the minimum access needed.
It is admins that use the same system account and password across multiple devices and resources that should not even be on the same network much less the same logon domain.
It is admins that never seriously thought about how they would recover from a disaster of any type and had never done a trial run of recovery.
It is an IT that allows data and programs to be spread all over the environment with no idea of what's out there.
It is users that will open every email, open every attachment, and click every link in emails they get.
And
Re: (Score:2)
The problem is Microsoft Windows, revisionism notwithstanding.
Re: This will continue to be a problem (Score:5, Insightful)
The solution is simpler. Make paying a ransom a criminal offence with a minimum jail term of say 36 months for the whole board of directors. Get the major western economies to sign up to this, say USA, EU, UK, Canada, Japan and it's game over for the criminals because what's the point if nobody is going to pay out, because paying out is such bad news for the board's freedom that they will never sanction it.
Jail is not the solution. (Score:1)
If you could get everybody to stop paying the ransoms, how will that stop the attacks? Do you think China or North Korea really cares about getting the payments for their ransomware? Really what they're after is disruption and control over critical infrastructure in foreign countries that they oppose. Extracting payment is just some extra icing on the cake for them.
The underlying problem here is Windows -- it's always vulnerable to malware, viruses, ransomware, etc. Microsoft can't pay enough third world de
Re: (Score:2)
Jail is *ONLY* if you *PAY* a ransom. It is also not remotely clear that all ransomware attacks are state sponsored. Even for state sponsored attacks for North Korea the earning of hard currency is a major motivation by all accounts, so removing an incentive is worthwhile. Further by removing the incentive for criminal ransomware you are going to leave just the state sponsored attacks which makes going after those states with tough economic sanctions easier to justify.
It would impact the decision making p
Re: (Score:2)
Jail while a good idea is not only part of the solution.
A short jail term might be acceptable, 6 months to 2 years for the officers
and people will be desperate for solution to get the data back, so
"the good officer took the hit "
that's how it will look on the corporate papers
Re: (Score:2)
I don't want to think the following, yet it keeps showing up in my thought process.
Those that place the ransomware on the computers of medical firms are committing
acts that can lead to death and should be charged with crimes related to it.
Go back (Score:1)
To dumb terminals and mainframes. No attack vectors.
Self-deluded moralising (Score:2)
This self-deluded moralising is pure click-bait. Okay, criminals don't spend a lot of time thinking of the consequences of their actions but even the dumbest mastermind knows the difference between abusing the social contract and shooting himself in the foot. In short, Covid-19 is so dangerous that the average criminal will be thinking how to protect himself. Refusing to cripple hospitals is enlightened self-interest. I'm far more worried about the people who can buy protection and healthcare at a
Re: Self-deluded moralising (Score:4, Insightful)
Organized crime and nation state actors are behind the vast majority of large scale, sophisticated ransomware attacks. Indiscriminately killing people in hospitals doesn't present them with any moral dilemmas. To the contrary, it provides them with victims who will be highly motivated to pay ransom demands. COVID 19 is just another money making opportunity and any comments they offer are nothing more than public relations hokum.
3rd party vendors systems that can't have updates (Score:5, Insightful)
3rd-party vendors' systems that can't have updates installed are part of the issue, as well as systems stuck on XP, as it may cost $100K-$200K+ per unit to replace a system that is part of XP computer to run it.
As well, 3rd-party vendors saying we must have remote access to the system from off site.
We are talking about things like X-ray medicines, MRI medicines, etc. where the hospital IT has very little say on their software and they can't put them on Domain / install any management software on them. Or in some cases can't even do Windows updates.
Re: (Score:2)
Sure, update from the malware to the spyware, and still have loads of malware on your Microsoft piece of shit.
Microsoft Windows strikes again! (Score:1)