Hackers Take Aim At Another US Hospital

HardOCP News

If you are the kind of scumbag that would hack a hospital, you need to have your ass kicked. If you know a hacker that is targeting a hospital, you should turn them in for the reward money. :mad:

The FBI said it was investigating the paralyzing attack on MedStar Health Inc., which forced records systems offline, prevented patients from booking appointments, and left staff unable to check email messages or even look up phone numbers.
 
Why are these systems even accessible from the outside in the first place?

And if the virus was installed from the inside, why the crap are the systems themselves not locked up where nobody can get to them?

Thin clients and locked down RDP sessions FTW if they want to keep stuff like this from happening from the inside.

And users should NOT have admin access at all.

How hard is it to secure your systems? Who is their security admin? A 3-year old?
 
These fools will kill one of their own someday because they'll hack a hospital where a relative, friend, loved one, etc. is staying.
 
Why are these systems even accessible from the outside in the first place?

And if the virus was installed from the inside, why the crap are the systems themselves not locked up where nobody can get to them?

Thin clients and locked down RDP sessions FTW if they want to keep stuff like this from happening from the inside.

And users should NOT have admin access at all.

How hard is it to secure your systems? Who is their security admin? A 3-year old?

It's simple really. Idiot users and management are typically the culprits in a few likely scenarios.

Management doesn't hire competent IT staff at all.
Management hires competent IT staff and refuses to approve anything requiring money.
Idiot users whine about some random non work related convenience issue (like justifying browsing facebook all day because the hospital/company/government agency/whatever has a facebook page, not that they need to or ever actually access it) and management comes down on competent IT staff like a bag of rocks and prevents them from implementing anything.

I had a similar situation but different scenario happen at work. We decided to repurpose some old servers (rather than toss them out) as file replication targets so we would have a live on site method of recovery in the event one of the file servers went down. It required some minor shuffling of data locations (nothing critical at all), and some of the users went apeshit and complained to management. Fortunately we got management to understand that it's more important to get everyone access to their data within minutes if a server fails, rather than wait for an RMA or having to make a purchase at a local store and cobble some crap together then restore from a backup that might be a few hours old. We still have users bitching to this day because they need to go to a different mapped network drive letter for something :rolleyes: Thankfully we don't have anything sensitive enough, otherwise they'd go ballistic if we prevented them from installing itunes on crap for their iphones/ipads or blocked access to garbage social media sites (let alone any actual security).
 
Why are these systems even accessible from the outside in the first place?

And if the virus was installed from the inside, why the crap are the systems themselves not locked up where nobody can get to them?

Thin clients and locked down RDP sessions FTW if they want to keep stuff like this from happening from the inside.

And users should NOT have admin access at all.

How hard is it to secure your systems? Who is their security admin? A 3-year old?

Because of the huge focus on the bottom line and the "We'll take care of it when it's a problem" mentality.

Had a ransomware attack in some subsidiary organization of the Danish government.
Took less than 15 minutes and everything was back to normal. But the IT integration over there and here in the states are remarkably different and started way earlier. Moving to the states was like moving 30 years back in time. Which leaves a huge gaping hole for hackers.
 
Why are these systems even accessible from the outside in the first place?

And if the virus was installed from the inside, why the crap are the systems themselves not locked up where nobody can get to them?

Thin clients and locked down RDP sessions FTW if they want to keep stuff like this from happening from the inside.

And users should NOT have admin access at all.

How hard is it to secure your systems? Who is their security admin? A 3-year old?

While I realize there's a number of gaping flaws and I am far from excusing that, these medical record databases are held centrally, not on-location. Which means, points of intrusion from outside.
 
Is this the guy?

I just started working nights at this hospital and had enjoyed it so far. I was on my break this morning and printed off an application for my local volunteer rescue squad. When I came back to my computer a notepad file opened up that basically said all my data was now encrypted and I would have to pay to get it back. (Ransomware, it's been on the news)

So, I email the IT guy thinking this is no big deal and that shit like this happens all the time. NOPE. Apparently I awoke some super mutant virus that deleted all of my department's folders and fucked everything up.

Now I have administrative people blowing up my cell phone, my boss is "unsure" if I'll keep my job, and my co workers have started a rumor that I watch porn at work.

TL;DR Anyone hiring?

Edit: They managed to contain the issue and I haven't been shit canned yet. Lesson learned though!

Edit edit: thanks for all the replies! I feel like less of a moron because of you guys.
 
Up next. Robotic surgeon hacked. Hackers override manual control and cut a patient's heart to pieces.
 
MedStar is in my area. I'm sure they'll eventually trace it back to Linda in accounting who got an email about a fax/shipment/scan/bonus that she had to open. Even if their security is half-way decent (likely it's not) it just takes one moron user to unleash this crap. They'll probably invest a little more in security/IT now.
 
I work for a large medical company. For the past few years we have been investing heavily in real time security forensics tools because spending the thousands of hours shoring up user access is simply not effective enough and will not protect against these types of breaches (Don't get me wrong, there is a forever project of audit and remediation). In the comments above I see a HUGE misconception of how these things happen. Non-IT users do not need administrative access; all they need is access to sensitive data for an effective ransomware attack. This was a ransomware attack that went widespread. If the attack was coordinated and not just started by a single user phish, the initial breach could have happened months previously and laid non-destructive until enough knowledge of the network was learned to gain access to critical systems. If you want to learn much about how these things happen and how difficult it is to erect an adequate defense, look up "PtH". That is one of several unpatchable exploits used and it is a major league dirty little secret of IT security. You will need additional key words to get a useful data search for "PtH".

On a day to day basis I use 2 Factor authentication and my administrative password is changed every 24 hrs. with a randomly generated character string of letters, numbers and symbols. Every time I want to use it I have to check it out from a password vault. I also only use these credentials from a VDI desktop that gets wiped out every time I log off.

BTW I don't post much on the forums but have been a member for MANY years and continue to read and enjoy some of the conversations that occur on the site.
 
If they can shut down the medical system, the medical system is doing it all fucking WRONG
 
If you've experienced most hospital staff when it comes to IT you wouldn't be surprised.
These are places where nepotism is sky high and competency is really low.
 
? Incorrect word choice?
How so?
I know many people who got jobs because their parents were doctors or knew some doctors in the IT field working in hospitals.
Doctors have a pretty unique position where they're well respected, well paid and have a lot of political will in their own workplace. If they want someone to work for their workplace, they can easily make it happen.
 
It was an odd comment, so I thought you were going for something else. Just clarifying, which you just did. :D
 
If you are the kind of scumbag that would hack a hospital, you need to have your ass kicked. If you know a hacker that is targeting a hospital, you should turn them in for the reward money. :mad:

The FBI said it was investigating the paralyzing attack on MedStar Health Inc., which forced records systems offline, prevented patients from booking appointments, and left staff unable to check email messages or even look up phone numbers.

I would be more pissed that my hospital was stupid enough to let shit like this happen.
 
I work for a large medical company. For the past few years we have been investing heavily in real time security forensics tools because spending the thousands of hours shoring up user access is simply not effective enough and will not protect against these types of breaches (Don't get me wrong, there is a forever project of audit and remediation). In the comments above I see a HUGE misconception of how these things happen. Non-IT users do not need administrative access; all they need is access to sensitive data for an effective ransomware attack. This was a ransomware attack that went widespread. If the attack was coordinated and not just started by a single user phish, the initial breach could have happened months previously and laid non-destructive until enough knowledge of the network was learned to gain access to critical systems. If you want to learn much about how these things happen and how difficult it is to erect an adequate defense, look up "PtH". That is one of several unpatchable exploits used and it is a major league dirty little secret of IT security. You will need additional key words to get a useful data search for "PtH".

On a day to day basis I use 2 Factor authentication and my administrative password is changed every 24 hrs. with a randomly generated character string of letters, numbers and symbols. Every time I want to use it I have to check it out from a password vault. I also only use these credentials from a VDI desktop that gets wiped out every time I log off.

BTW I don't post much on the forums but have been a member for MANY years and continue to read and enjoy some of the conversations that occur on the site.

My previous post regarding idiot users and management demanding convenience wasn't about granting admin rights. It's true that stupid users can be one of the weakest links in any network. I was talking about dumb things like management insisting password standards be lowered, users complaining that they can't get to the internet on networks and workstations that do not require internet access, users wanting to bring their own devices (laptops, tablets, phones, whatever) with god knows what already on them, complaints about file servers not being accessible from the guest wifi network, etc. Management listening to the demands of stupid users and overriding IT decisions can be a major hindrance in a lot of places.
 