
What happens when your entire IT department is incompetent

Discussion in 'Bits & Bytes' started by Biker, Feb 17, 2016.

  1. Biker

    Biker Administrator Staff Member

    Unreal. Absolutely unreal.

    A Hospital Paralyzed by Hackers

    I can't believe that the staff there could be that bloody incompetent. No backups, no alternative procedures in the event of a catastrophic failure, no nothing it seems. The only thing I can think of is the IT department has requested the ability to do their job and the board has denied it. Otherwise, we have a medical facility that has an IT staff that hasn't been doing their job.

    And if they fell down on the basics, just how well are they protecting patient records as required under HIPAA?
     
    dsl987 likes this.
  2. dsl987

    dsl987 Member

    I've read about this before, seems to be happening more and more often.
     
  3. Greg

    Greg Full Member

    This is why I opt out of every medical database that allows the option. Or every database, for that matter.
     
  4. MemphisMark

    MemphisMark Old School Conservative

    I recall another hospital was infected, I don't think it was ransomware. The IT department had everything pretty tight, however...

    There are/were roll-around consoles that dispensed medication. These were bigger than the PCs the nurses use today. Anyway, someone found out how to get past the restrictions and was watching pr0n on said system. A visit to one such illicit site is how the virus got past all of the security and brought the entire network to its knees.

    I also recall a police department 2-3 years ago was infected by ransomware, I don't recall if they paid or not.
     
  5. MemphisMark

    MemphisMark Old School Conservative

    Biker, I agree. Any IT person worth their salt would have a layered defense and multiple recovery avenues, unless the Head Honcho/BoD said, "We don't want to spend the money."

    If that hospital survives the rest of the year (who wants to go to a hospital that can't keep their medical records secure?) it's still a 50/50, because if they were skinflints before, this probably won't change too much.
     
    Greg likes this.
  6. cmhbob

    cmhbob Did...did I do that? Staff Member

  7. MemphisMark

    MemphisMark Old School Conservative

    cmhbob, reading that article made me see the similarities between ransomware and Somali pirates.

    The Somali pirates seize control of expensive ships loaded with expensive goods, then demand low ransoms (relative to the value of the ship and cargo) to let the ship continue. The shipping companies were even factoring the ransom into the delivery cost of the cargo like just another tax or tariff. Those pirates were running that operation for years, until someone decided enough was enough and the ships started shooting back, killing the pirates and sinking their boats.

    This "business model" will be profitable to the cyber-pirates, until someone decides to hunt them down, bust in their door, knock them down by kicking them in the 'nads, then stepping on their neck while putting a bullet between their eyes and posting the encounter on YouTube.

    When you look at the cost of paying a $500 ransom two or three times a year for ransomware attacks versus the cost of the hardware and staff to prevent or blunt such attacks, it makes perfect sense to put up with the inconvenience and just pay for it.

    Then again, if hackers can encrypt the data, they can also capture it. Companies and agencies need to factor the cost of their classified (and incriminating) documents becoming public knowledge when weighing the price of not having someone knowledgeable in IT security on their staff.

    I'm sure the next-generation "hostageware" is already in beta testing. I can see it as a dormant virus, that would phone home by squirting inconspicuous packets here and there from different IP addresses to get under the radar of firewalls and outbound packet sniffers. Once the initial structure of the network under attack is researched, a quick disabling of outbound firewalls and a massive data dump to broadcast the files in question to the hackers could be conducted. Sounding out the network and servers would take days, maybe weeks because the hostageware would keep its clock cycles to a minimum to avoid detection. The target will never know they have been attacked and taken hostage until they get the email that says "we have your data."

    Once the data is outside the firewall, it has been kidnapped. And even if you pay the ransom, you can never be sure you possess the only copy of it now.

    This is the kind of shit I think about every day. How to do it so I can prevent it.
     
  8. Biker

    Biker Administrator Staff Member

    Nice to see another professional agree on taking responsibility.

    If you think ransomware is a user failure, you’re a failure

    Excellent article.
     
    dsl987 and Allene like this.
