Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




Mad Scientist
22582 posts

Uber Geek

Trusted
Lifetime subscriber

#152221 20-Sep-2014 10:34
Send private message

http://www.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=11328395

 

Police are investigating after attempts were allegedly made to hack a nationwide patient database.

 

In an email obtained by the Otago Daily Times, Southern Primary Health Organisation clinical adviser Keith Abbott, of Dunedin, warned GPs and health organisations about the ''significant hacking attempt'' on September 9.

 

He said the hacker tried to gain access to DrInfo, which is used by health boards, including the Southern District Health Board, medical centres and GPs around the country.

 

''Starting at 11am on September 9, in one case continuously lasting for 12 hours, a single IP [internet protocol] address has made over 20 million attempts to guess the passwords of practices, PHOs and DHBs in New Zealand,'' Dr Abbott said.




Involuntary autocorrect in operation on mobile device. Apologies in advance.


View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
14694 posts

Uber Geek

Trusted
Lifetime subscriber

  #1132587 20-Sep-2014 10:39
Send private message

It sounds pretty good that their system resisted that sort of concerted effort.





183 posts

Master Geek


  #1132589 20-Sep-2014 10:43
Send private message

Sure hope their systems blocked the IP after a few attempts - unless the 20 million attempts were after the IP was locked out.

 
 
 
 




Mad Scientist
22582 posts

Uber Geek

Trusted
Lifetime subscriber

  #1132599 20-Sep-2014 10:51
Send private message

yeah my first reaction was - after 3 attempts you do something - 20 million attempts! gosh




Involuntary autocorrect in operation on mobile device. Apologies in advance.


1496 posts

Uber Geek

Subscriber

  #1132608 20-Sep-2014 11:07
Send private message

leaplae: Sure hope their systems blocked the IP after a few attempts - unless the 20 million attempts were after the IP was locked out.


I'm kind of disappointed that they didn't name the location of where there IP address is located.




Laptop: MacBook Pro (15-inch, 2017)
Desktop: iMac (27-inch, 2017)
Smartphone: iPhone 11 Pro Max 256GB 'Space Grey'
Additional devices: Unifi Security Gateway, Unifi Switch, Unifi AP AC HD, Unifi Cloud Key, Apple TV 4K 64GB
Services: YouTube Premium, Wordpress, Skinny Mobile and Broadband, G Suite

 


2420 posts

Uber Geek

Lifetime subscriber

  #1132632 20-Sep-2014 11:45
Send private message

While the attempt was unsuccessful, this is why I will be opting out of the e record medical system.

Once access gained, search for people prescribed

Dolutegravir/abacavir/lamivudine 

Mifepristine

Peginterferon

Viagra

Etc.

A.





Webhead
2518 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  #1132641 20-Sep-2014 12:06
Send private message

leaplae: Sure hope their systems blocked the IP after a few attempts - unless the 20 million attempts were after the IP was locked out.


Those kind of attacks are usually distributed now. That means you get a whole bunch of bots (infected computers, usually running Windows), that try to brute force their way in. Its pretty common, for example it is pretty common for WordPress sites to see those kind of distributed brute force attacks.



Mad Scientist
22582 posts

Uber Geek

Trusted
Lifetime subscriber

  #1132643 20-Sep-2014 12:09
Send private message

Infected computers attacking a health site ... how apocalyptic!




Involuntary autocorrect in operation on mobile device. Apologies in advance.


 
 
 
 


183 posts

Master Geek


  #1132685 20-Sep-2014 13:08
Send private message

jarledb:
leaplae: Sure hope their systems blocked the IP after a few attempts - unless the 20 million attempts were after the IP was locked out.


Those kind of attacks are usually distributed now. That means you get a whole bunch of bots (infected computers, usually running Windows), that try to brute force their way in. Its pretty common, for example it is pretty common for WordPress sites to see those kind of distributed brute force attacks.


I know, but this one was from a single IP.

'That VDSL Cat'
12453 posts

Uber Geek

Trusted
Spark
Subscriber

  #1132718 20-Sep-2014 14:10
Send private message

kawaii:
leaplae: Sure hope their systems blocked the IP after a few attempts - unless the 20 million attempts were after the IP was locked out.


I'm kind of disappointed that they didn't name the location of where there IP address is located.


ild expect this was proxied though a IP in another country...


gotta be pretty stupid to do it while exposing your real ip!




#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

 


1183 posts

Uber Geek

Subscriber

  #1132773 20-Sep-2014 17:10
Send private message

afe66: While the attempt was unsuccessful, this is why I will be opting out of the e record medical system.

Once access gained, search for people prescribed

Dolutegravir/abacavir/lamivudine 

Mifepristine

Peginterferon

Viagra

Etc.

A.






Thats nice...... but did you know that when you "opt-out" all your medical records are STILL put into the "cloud" along with everyone else's and they are simply marked as "inaccessible". Your records can NOT be removed or deleted.

Better yet, I opted out with medtech, but that information was never sent to my GP, and it was not easy for him to find where to opt me out.

The cloud goal also keep changing, so what you believed was happening with your information can change at any stage on the whim of the ministry of health, they have no obligation to inform you of these changes, it is up to you to ask your GP (who is also not guaranteed to be informed).

Were you told that you had to opt-out, the default is that everyone who is enrolled with a medical practice is opted in. In some cases you may also find that if you opt-out you may loose all your health subsidies.


5306 posts

Uber Geek

Trusted

  #1132801 20-Sep-2014 17:38
Send private message

joker97: http://www.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=11328395

Police are investigating after attempts were allegedly made to hack a nationwide patient database. In an email obtained by the Otago Daily Times, Southern Primary Health Organisation clinical adviser Keith Abbott, of Dunedin, warned GPs and health organisations about the ''significant hacking attempt'' on September 9. He said the hacker tried to gain access to DrInfo, which is used by health boards, including the Southern District Health Board, medical centres and GPs around the country. ''Starting at 11am on September 9, in one case continuously lasting for 12 hours, a single IP [internet protocol] address has made over 20 million attempts to guess the passwords of practices, PHOs and DHBs in New Zealand,'' Dr Abbott said.


Sorry about that, the Enter key on my keyboard was stuck. embarassedembarassedembarassed




Whatifthespacekeyhadneverbeeninvented?


1285 posts

Uber Geek


  #1132829 20-Sep-2014 18:22
Send private message

Hahaha I like how everyone is missing the point that this system was available outside of connected health




Most problems are the result of previous solutions...

All comment's I make are my own personal opinion and do not in any way, shape or form reflect the views of current or former employers unless specifically stated 

2420 posts

Uber Geek

Lifetime subscriber

  #1132841 20-Sep-2014 18:40
Send private message

sir1963:


Thats nice...... but did you know that when you "opt-out" all your medical records are STILL put into the "cloud" along with everyone else's and they are simply marked as "inaccessible". Your records can NOT be removed or deleted.

Better yet, I opted out with medtech, but that information was never sent to my GP, and it was not easy for him to find where to opt me out.

The cloud goal also keep changing, so what you believed was happening with your information can change at any stage on the whim of the ministry of health, they have no obligation to inform you of these changes, it is up to you to ask your GP (who is also not guaranteed to be informed).

Were you told that you had to opt-out, the default is that everyone who is enrolled with a medical practice is opted in. In some cases you may also find that if you opt-out you may loose all your health subsidies.




I attended the presentation/push for the proposed electronic records system  last year.

I expressed my cynicism at the time about their faith in system security having seen it at work in in hospitals. Didn't stop Jessie Ridders radiology records being accessed. Sure they knew who it was because they used their own login details which was stupid.

Questions about security of information being stored overseas was met with rolled eyes.

Yes, I know you had to opt out. I was at the presentation.

My eyes rolled at the " limiited access " to these records to trusted people... So doctors, nurses, district nurses practice nurses, pharmacist, physiotherapy, midwife, occupational therapists, SLT ...all those passwords, all those pc's being left on...

A.


3209 posts

Uber Geek

Trusted
Subscriber

  #1132895 20-Sep-2014 20:31
Send private message

Beccara: Hahaha I like how everyone is missing the point that this system was available outside of connected health


Agreed.  There's a giant private WAN link available to healthcare organisations for the sole purpose of making this kind of system available to authorised users.  The problem is that some practices are too cheap to connect in, so all too many systems have to be made available on the public internet.  The MoH really needs to strangle (financially, and maybe literally) any provider who refuses to link to Connected Health.

1285 posts

Uber Geek


  #1132901 20-Sep-2014 20:48
Send private message

I dont blame them given how bad HealthLink are to deal with




Most problems are the result of previous solutions...

All comment's I make are my own personal opinion and do not in any way, shape or form reflect the views of current or former employers unless specifically stated 

 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic




News »

Freeview On Demand app launches on Sony Android TVs
Posted 6-Aug-2020 13:35


UFB hits more than one million connections
Posted 6-Aug-2020 09:42


D-Link A/NZ extends COVR Wi-Fi EasyMesh System series with new three-pack
Posted 4-Aug-2020 15:01


New Zealand software Rfider tracks coffee from Colombia all the way to New Zealand businesses
Posted 3-Aug-2020 10:35


Logitech G launches Pro X Wireless gaming headset
Posted 3-Aug-2020 10:21


Sony Alpha 7S III provides supreme imaging performance
Posted 3-Aug-2020 10:11


Sony introduces first CFexpress Type A memory card
Posted 3-Aug-2020 10:05


Marsello acquires Goody consolidating online and in-store marketing position
Posted 30-Jul-2020 16:26


Fonterra first major customer for Microsoft's New Zealand datacentre
Posted 30-Jul-2020 08:07


Everything we learnt at the IBM Cloud Forum 2020
Posted 29-Jul-2020 14:45


Dropbox launches native HelloSign workflow and data residency in Australia
Posted 29-Jul-2020 12:48


Spark launches 5G in Palmerston North
Posted 29-Jul-2020 09:50


Lenovo brings speed and smarter features to new 5G mobile gaming phone
Posted 28-Jul-2020 22:00


Withings raises $60 million to enable bridge between patients and healthcare
Posted 28-Jul-2020 21:51


QNAP integrates Catalyst Cloud Object Storage into Hybrid Backup solution
Posted 28-Jul-2020 21:40



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.