Armed Polite Society
Main Forums => The Roundtable => Topic started by: MillCreek on November 26, 2020, 03:00:50 PM
-
https://www.nytimes.com/2020/11/26/us/hospital-cyber-attack.html
Clearly, American healthcare did not have enough to worry about with the pandemic and all.
-
Way to be asleep at the switch, 46!
-
Put Hillary on it, she has experience
-
I can't read the article because they want me to log in, which I don't want to do. Is this the University of Vermont ransomware attack? If so, they weren't really asleep at the switch. They had layers of protection in place, but they weren't good enough. A good friend of mine is an IT manager for a large hospital chain around here. He knows the head of IT at UVM.
My friend's hospital has had their entire IT department working overtime for the past two or three months, trying to anticipate where and how the next attack will come and shore up the defenses in advance. They know that their system is constantly being probed. So far, they've been able to keep the doors closed. Partially as a result of the UVM attack, the local hospital has a doomsday plan -- if they see an attack getting through their first line of defense, they're just going to pull the plug and shut the whole system down.
A smaller hospital near here (in fact, the hospital where my hip replacement was done last year) got hit. Fortunately, that hospital has a public web site that's pretty much separate from the internal network with patient records, etc. The attack took the public web site off-line, but it didn't get to the actual medical network, so they dodged that bullet. But it was a wake-up call. Whoever is doing this has shifted from attacking municipalities (which they were doing with regularity a year or two ago) to going after hospitals.
-
Air gap FTW...
-
A USB device can EASILY get around your Air Gap in a Hospital
-
Air gap FTW...
Really, really not feasible with the pushes for healthcare information exchange in the US. This is a good place to start: Health Information Technology for Economic and Clinical Health Act (https://en.wikipedia.org/wiki/Health_Information_Technology_for_Economic_and_Clinical_Health_Act) Hospitals are more or less expected and in someplace required to be tied into healthcare information exchanges.
A smaller hospital near here (in fact, the hospital where my hip replacement was done last year) got hit. Fortunately, that hospital has a public web site that's pretty much separate from the internal network with patient records, etc. The attack took the public web site off-line, but it didn't get to the actual medical network, so they dodged that bullet. But it was a wake-up call. Whoever is doing this has shifted from attacking municipalities (which they were doing with regularity a year or two ago) to going after hospitals.
Appropriate comic:
(https://imgs.xkcd.com/comics/cia.png)
-
(https://memegenerator.net/img/instances/80998296.jpg)
-
Really, really not feasible with the pushes for healthcare information exchange in the US. This is a good place to start: Health Information Technology for Economic and Clinical Health Act (https://en.wikipedia.org/wiki/Health_Information_Technology_for_Economic_and_Clinical_Health_Act) Hospitals are more or less expected and in someplace required to be tied into healthcare information exchanges.
Appropriate comic:
(https://imgs.xkcd.com/comics/cia.png)
I know it's overly simplified, but I was going for a tongue in cheek. "Doctor, it hurts when I do X!". Doctor: "Well stop doing that!"