NHS! Attacked

[Shut Up Legs]

Somehow Australia seems to have missed out on this (pure luck?). Let's hope it stays that way.

 

[srw]

What you need to know about the WannaCry Ransomware

That suggests that the .xls, .ppt and .doc filetypes which were used by the versions of Office compatible with Windows XP are unaffected.

 

[screenman]

Because some hospitals have actually bothered to update their systems and have proper information security protocols in place...

This Is nothing really to do with the government - and very much to do with NHS Digital (one of the most frustrating NHS organisations to try and work with) and individual trusts.

The way I read that is, some people working for the NHS may not be working flat out 25 hours a day without time to eat or drink.

 

[bruce1530]

Somehow Australia seems to have missed out on this (pure luck?). Let's hope it stays that way.

Perhaps timing. There’s a suspicion that this is malware that has been distributed for several days, and was waiting for a specific trigger event or timer to start replicating itself. The switch to limit the spread was flicked several hours later. Around the same time, the anti-virus suppliers were updating their signature files. So there was a limited time window when the malware was spreading most rapidly.

In Australia - and in parts of the US - that was overnight. In Europe, where the infection is worst, it was daytime.

 

[classic33]

Worrying indeed, but why haven't all hospitals been affected

Question asked last night and it was pointed out that some of the private companies operating within the same hospitals were hit first.

Private company deals with booking in patients at the local hospital. Passing that information onto the hospital, via computer.

 

[Tin Pot]

Obviously a nightmare for patients and frontline staff everywhere, but I have zero compassion for the broader NHS and their foreign counterparts.

They been putting tiny little flags on this particular sand castle for decades, hoping it won't get kicked over.

And the response will be....build another sandcastle.

I'm sitting on my hands if any of them want it sorted out - PM me!

 

[ufkacbln]

True, our patient management software and data (SOEL Health), and x-ray system (PACS) is on a central server somewhere and our PC's are just clients. I think a version of Citrix is used.

However we are expected to write letters, get info off the internet, prepare powerpoint etc and for that what we use everywhere are basically just bog standard Windows PCs (XP and Windows 7 here). They have been crippled in BIOS so we can't write to CD or memory stick though.

Shaun

I have to purchase secure memory sticks for this reason

I encourage students to spend spare time at work on their projects, and occasionally they need to save ( anonymised) images for case studies etc, and this is the only way apart from the rather dodgy use of online storage such as Box, Dropbox etc

 

[ufkacbln]

I

Question asked last night and it was pointed out that some of the private companies operating within the same hospitals were hit first.

Private company deals with booking in patients at the local hospital. Passing that information onto the hospital, via computer.

In our case we kept the N 3 separate for the Private company

Right from the line in, there is no connection to the N HS network

 

[classic33]

I



In our case we kept the N 3 separate for the Private company

Right from the line in, there is no connection to the N HS network

Access to basic patient information, but able to pass that information over to medical staff.

 

[srw]

reported

It's not impossible that that's the key word.

 

[ufkacbln]

Access to basic patient information, but able to pass that information over to medical staff.

Nope - not even that acess

 

[Inertia]

The link I posted earlier (and didn't supply a full enough description for) describes how an IT expert accidentally found, registered, and used the key domain name that switched off the attack in some places. It's an interesting read, entitled 'Accidental Hero'.

I saw that and it was pretty interesting that registering the Domain was the kill switch. Although he didn't know what registering it would do, it was still clever thinking. It cost him around £10, a lot of people people owe him thanks.

 

[classic33]

Nope - not even that acess

That's what they have at the local hospital.

 

[ufkacbln]

That's what they have at the local hospital.

We closed it down for various reasons.

Any NHS administration required (i.e. Our patients) we administrate, and then pass to the Private Company

 

[bruce1530]

I saw that and it was pretty interesting that registering the Domain was the kill switch. Although he didn't know what registering it would do, it was still clever thinking. It cost him around £10, a lot of people people owe him thanks.

If the media reports are true - and I think they’re only partial truth - then it certainly wasn’t clever thinking. (*)

He saw that the malware was trying to contact a specific domain. He thought “I wonder what that domain does”, and registered it. He got lucky - it acted as a “kill switch” and inhibited the growth of the malware. That was luck.

But he didn’t know in advance that that would happen. It was just good luck, and he’s now a hero. But what if the existence of that domain had been designed to have precisely the opposite effect - a switch to increase the targeting and aggressiveness of this code?

He was examining a bomb. He found a secret button. He pressed it, without knowing whether that button was “disarm” or “detonate”.

(*) I am guessing - and hoping - that the media reports on this are just as inaccurate as they have been on the rest of the incident, and that the behaviour had been analysed in a sandbox before they created this new domain.