NHS cyber attack ..

Jalapeno

Apparently XP only went out of support in April 2014, I'm amazed it stuck around so long !

Fretwired

Jalapeno said:

According to BBC this is global.  Feels like Mr Robot coming true !!!!

True, but to the average voter this is worrying .. BBC just shown a woman with a child being turned away from a hospital. That's an emotional image and people always look for someone to blame .. the Tories will get the flak.

bodhi

All that time spent teaching myself how to make drill bow fire might come in handy soon.

Sycamore works well.  So does the Butterfly bush which grows everywhere along the rail tracks.  If you can't find Elder and Climatis.

JMP220478

Fretwired said:

Jalapeno said:

According to BBC this is global.  Feels like Mr Robot coming true !!!!

True, but to the average voter this is worrying .. BBC just shown a woman with a child being turned away from a hospital. That's an emotional image and people always look for someone to blame .. the Tories will get the flak.

deservedly so if theyre responsible ...

http://www.independent.co.uk/news/uk/politics/nhs-cuts-crisis-government-consultancies-millions-paid-a7640176.html

perhaps a few more decent pc's n some investment in IT training - might have prevented this  IT superbug issue

Fretwired

JMP220478 said:

Fretwired said:

Jalapeno said:

According to BBC this is global.  Feels like Mr Robot coming true !!!!

True, but to the average voter this is worrying .. BBC just shown a woman with a child being turned away from a hospital. That's an emotional image and people always look for someone to blame .. the Tories will get the flak.

deservedly so if theyre responsible ...

http://www.independent.co.uk/news/uk/politics/nhs-cuts-crisis-government-consultancies-millions-paid-a7640176.html

perhaps a few more decent pc's n some investment in IT training - might have prevented this  IT superbug issue

Oh dear .. Deloittes who used to help fund the Tories ... (not sure if the company is a donor at this election).

bodhi

perhaps a few more decent pc's n some investment in IT training - might have prevented this  IT superbug issue

True.  The receptionists get more training where I work than the IT department.  No jokes.  It's crazy.

bodhi

What's more, the Customer Services recruits must be graduates, whereas the last 4 "IT guys" who joined our team were all school leavers with an interest in computers.

"Just train them up - how hard can it be?".

It takes years to get them up to speed.

Stupid is as stupid does.

scrumhalf

If you want to extract huge amounts of money from the NHS with no recourse then just pitch for one of their contracts. No need for bitcoin or anything like that.

JMP220478

Fretwired said:

JMP220478 said:

Fretwired said:

Jalapeno said:

According to BBC this is global.  Feels like Mr Robot coming true !!!!

True, but to the average voter this is worrying .. BBC just shown a woman with a child being turned away from a hospital. That's an emotional image and people always look for someone to blame .. the Tories will get the flak.

deservedly so if theyre responsible ...

http://www.independent.co.uk/news/uk/politics/nhs-cuts-crisis-government-consultancies-millions-paid-a7640176.html

perhaps a few more decent pc's n some investment in IT training - might have prevented this  IT superbug issue

Oh dear .. Deloittes who used to help fund the Tories ... (not sure if the company is a donor at this election).

Deloittes will pitch for the IT FIX contract

Danny1969

I can't actually believe companies let alone the NHS use Windows boxes to run anything of critical importance .... I mean let's face it half the time you can't trust one to run your DAW reliably or run for more than 6 months before it gets stuck in a Windows update loop or something else goes wrong.
Something a lot more robust would be a better idea, I don't know what but something with ROM instructions and sandboxing 

Fretwired

From the BBC website:

Dr Afzal Ashraf, an expert on cyber-security who has previously worked as an adviser to the government, told the BBC it was likely that the malware was spreading when NHS services shared documents and information.

But he also said he thought it was unlikely the attackers had deliberately targeted the NHS.

He added: "I think they probably attacked a small company assuming they would get a small amount of money but it's got into the NHS system and now they have the full power of the state against them - because obviously the government cannot afford for this sort of thing to happen and be successful."

mellowsun

Is it PCs that are affected or the servers running the software and holding the data? The NHS was supposed to be moving away from centralised systems, this was the purpose of Blair's 12Bn IT spend in 2004.

Fretwired

mellowsun said:

Is it PCs that are affected or the servers running the software and holding the data? The NHS was supposed to be moving away from centralised systems, this was the purpose of Blair's 12Bn IT spend in 2004.

It's a ransomware attack not a data hack so it's desktop PCs - probably infected via links in emails.

Bridgehouse

Danny1969 said:

I can't actually believe companies let alone the NHS use Windows boxes to run anything of critical importance .... I mean let's face it half the time you can't trust one to run your DAW reliably or run for more than 6 months before it gets stuck in a Windows update loop or something else goes wrong.
Something a lot more robust would be a better idea, I don't know what but something with ROM instructions and sandboxing 

MS Office. 

And user familiarity.

And worldwide business strategies.

And the way public sector procurement works. You can't specify certain technologies - you procure a need and take the best value offering. 

But most importantly - how do you prevent 100% of your workforce from falling for phishing emails 100% of the time.

monquixote

mellowsun said:

Is it PCs that are affected or the servers running the software and holding the data? The NHS was supposed to be moving away from centralised systems, this was the purpose of Blair's 12Bn IT spend in 2004.

It's an email phishing scam which then installs a worm which spreads over the network using an unpatched vulnerability in the samba file sharing protocol.

I doubt it intended to target the NHS I expect the hackers just hit gold.

ICBM

Fretwired said:

From the BBC website:

Dr Afzal Ashraf, an expert on cyber-security who has previously worked as an adviser to the government, told the BBC it was likely that the malware was spreading when NHS services shared documents and information.

But he also said he thought it was unlikely the attackers had deliberately targeted the NHS.

He added: "I think they probably attacked a small company assuming they would get a small amount of money but it's got into the NHS system and now they have the full power of the state against them - because obviously the government cannot afford for this sort of thing to happen and be successful."

If I was the attacker, having the British government on my trail wouldn't be very scary. But as already said, if they've pissed off Putin there will be consequences, and most likely very unpleasant ones…

Bridgehouse said:

But most importantly - how do you prevent 100% of your workforce from falling for phishing emails 100% of the time.

Probably in the same way as financial companies have had to implement to deal with money laundering - by making the employees personally liable. That would act as a fairly good deterrent to opening any email link, ever.

Fretwired

monquixote said:

It's an email phishing scam which then installs a worm which spreads over the network using an unpatched vulnerability in the samba file sharing protocol.

I doubt it intended to target the NHS I expect the hackers just hit gold.

I doubt they've hit gold. May will have GCHQ tracking them down. I bet they would have preferred a few SMEs who'd have paid up and shut up. Attacking the NHS isn't the brightest move unless you're clever enough to blackmail the government.

monquixote

Fretwired said:

monquixote said:

It's an email phishing scam which then installs a worm which spreads over the network using an unpatched vulnerability in the samba file sharing protocol.

I doubt it intended to target the NHS I expect the hackers just hit gold.

I doubt they've hit gold. May will have GCHQ tracking them down. I bet they would have preferred a few SMEs who'd have paid up and shut up. Attacking the NHS isn't the brightest move unless you're clever enough to blackmail the government.

It's probably a criminal gang in Russia I doubt any of them will be getting their collars felt.

Fretwired

Bridgehouse said:

But most importantly - how do you prevent 100% of your workforce from falling for phishing emails 100% of the time.

There are ways. Email encryption, strip out all HTML links and attachments. If files need to be sent use secure Cloud-based storage solutions rather than email.

Fretwired

monquixote said:

It's probably a criminal gang in Russia I doubt any of them will be getting their collars felt.

Wouldn't bank on that ... apparently the attacks have hit Russian state TV and other institutions. There will be some seriously pissed off Russians ..