Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


Mad Scientist
18614 posts

Uber Geek
+1 received by user: 2365

Trusted
Lifetime subscriber

Topic # 152221 20-Sep-2014 10:34
Send private message

http://www.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=11328395

 

Police are investigating after attempts were allegedly made to hack a nationwide patient database.

 

In an email obtained by the Otago Daily Times, Southern Primary Health Organisation clinical adviser Keith Abbott, of Dunedin, warned GPs and health organisations about the ''significant hacking attempt'' on September 9.

 

He said the hacker tried to gain access to DrInfo, which is used by health boards, including the Southern District Health Board, medical centres and GPs around the country.

 

''Starting at 11am on September 9, in one case continuously lasting for 12 hours, a single IP [internet protocol] address has made over 20 million attempts to guess the passwords of practices, PHOs and DHBs in New Zealand,'' Dr Abbott said.

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
11465 posts

Uber Geek
+1 received by user: 3679

Trusted
Subscriber

  Reply # 1132587 20-Sep-2014 10:39
Send private message

It sounds pretty good that their system resisted that sort of concerted effort.





178 posts

Master Geek
+1 received by user: 48


  Reply # 1132589 20-Sep-2014 10:43
Send private message

Sure hope their systems blocked the IP after a few attempts - unless the 20 million attempts were after the IP was locked out.



Mad Scientist
18614 posts

Uber Geek
+1 received by user: 2365

Trusted
Lifetime subscriber

  Reply # 1132599 20-Sep-2014 10:51
One person supports this post
Send private message

yeah my first reaction was - after 3 attempts you do something - 20 million attempts! gosh

1362 posts

Uber Geek
+1 received by user: 241

Subscriber

  Reply # 1132608 20-Sep-2014 11:07
One person supports this post
Send private message

leaplae: Sure hope their systems blocked the IP after a few attempts - unless the 20 million attempts were after the IP was locked out.


I'm kind of disappointed that they didn't name the location of where there IP address is located.




Laptop: MacBook Pro (15-inch, 2017)
Desktop: iMac (27-inch, 2017)
Smartphone: iPhone X 256GB 'Space Grey'
Additional devices: Unifi Security Gateway, Unifi Switch, Unifi AP AC HD, Unifi Cloud Key, Apple TV 4K 64GB
Services: iCloud, YouTube Premium, Apple Music, Wordpress, Skinny

 


1750 posts

Uber Geek
+1 received by user: 633

Lifetime subscriber

  Reply # 1132632 20-Sep-2014 11:45
Send private message

While the attempt was unsuccessful, this is why I will be opting out of the e record medical system.

Once access gained, search for people prescribed

Dolutegravir/abacavir/lamivudine 

Mifepristine

Peginterferon

Viagra

Etc.

A.





Webhead
2022 posts

Uber Geek
+1 received by user: 645

Moderator
Trusted
Lifetime subscriber

  Reply # 1132641 20-Sep-2014 12:06
Send private message

leaplae: Sure hope their systems blocked the IP after a few attempts - unless the 20 million attempts were after the IP was locked out.


Those kind of attacks are usually distributed now. That means you get a whole bunch of bots (infected computers, usually running Windows), that try to brute force their way in. Its pretty common, for example it is pretty common for WordPress sites to see those kind of distributed brute force attacks.






Mad Scientist
18614 posts

Uber Geek
+1 received by user: 2365

Trusted
Lifetime subscriber

  Reply # 1132643 20-Sep-2014 12:09
2 people support this post
Send private message

Infected computers attacking a health site ... how apocalyptic!

178 posts

Master Geek
+1 received by user: 48


  Reply # 1132685 20-Sep-2014 13:08
Send private message

jarledb:
leaplae: Sure hope their systems blocked the IP after a few attempts - unless the 20 million attempts were after the IP was locked out.


Those kind of attacks are usually distributed now. That means you get a whole bunch of bots (infected computers, usually running Windows), that try to brute force their way in. Its pretty common, for example it is pretty common for WordPress sites to see those kind of distributed brute force attacks.


I know, but this one was from a single IP.

'That VDSL Cat'
8100 posts

Uber Geek
+1 received by user: 1693

Trusted
Spark
Subscriber

  Reply # 1132718 20-Sep-2014 14:10
Send private message

kawaii:
leaplae: Sure hope their systems blocked the IP after a few attempts - unless the 20 million attempts were after the IP was locked out.


I'm kind of disappointed that they didn't name the location of where there IP address is located.


ild expect this was proxied though a IP in another country...


gotta be pretty stupid to do it while exposing your real ip!




#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.


795 posts

Ultimate Geek
+1 received by user: 355

Subscriber

  Reply # 1132773 20-Sep-2014 17:10
One person supports this post
Send private message

afe66: While the attempt was unsuccessful, this is why I will be opting out of the e record medical system.

Once access gained, search for people prescribed

Dolutegravir/abacavir/lamivudine 

Mifepristine

Peginterferon

Viagra

Etc.

A.






Thats nice...... but did you know that when you "opt-out" all your medical records are STILL put into the "cloud" along with everyone else's and they are simply marked as "inaccessible". Your records can NOT be removed or deleted.

Better yet, I opted out with medtech, but that information was never sent to my GP, and it was not easy for him to find where to opt me out.

The cloud goal also keep changing, so what you believed was happening with your information can change at any stage on the whim of the ministry of health, they have no obligation to inform you of these changes, it is up to you to ask your GP (who is also not guaranteed to be informed).

Were you told that you had to opt-out, the default is that everyone who is enrolled with a medical practice is opted in. In some cases you may also find that if you opt-out you may loose all your health subsidies.


Talk DIrtY to me
4309 posts

Uber Geek
+1 received by user: 2305

Trusted
Subscriber

  Reply # 1132801 20-Sep-2014 17:38
Send private message

joker97: http://www.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=11328395

Police are investigating after attempts were allegedly made to hack a nationwide patient database. In an email obtained by the Otago Daily Times, Southern Primary Health Organisation clinical adviser Keith Abbott, of Dunedin, warned GPs and health organisations about the ''significant hacking attempt'' on September 9. He said the hacker tried to gain access to DrInfo, which is used by health boards, including the Southern District Health Board, medical centres and GPs around the country. ''Starting at 11am on September 9, in one case continuously lasting for 12 hours, a single IP [internet protocol] address has made over 20 million attempts to guess the passwords of practices, PHOs and DHBs in New Zealand,'' Dr Abbott said.


Sorry about that, the Enter key on my keyboard was stuck. embarassedembarassedembarassed




Whatifthespacekeyhadneverbeeninvented?


985 posts

Ultimate Geek
+1 received by user: 155

UberGroup

  Reply # 1132829 20-Sep-2014 18:22
Send private message

Hahaha I like how everyone is missing the point that this system was available outside of connected health




Most problems are the result of previous solutions...

All comment's I make are my own personal opinion and do not in any way, shape or form reflect the views of current or former employers unless specifically stated 

1750 posts

Uber Geek
+1 received by user: 633

Lifetime subscriber

  Reply # 1132841 20-Sep-2014 18:40
One person supports this post
Send private message

sir1963:


Thats nice...... but did you know that when you "opt-out" all your medical records are STILL put into the "cloud" along with everyone else's and they are simply marked as "inaccessible". Your records can NOT be removed or deleted.

Better yet, I opted out with medtech, but that information was never sent to my GP, and it was not easy for him to find where to opt me out.

The cloud goal also keep changing, so what you believed was happening with your information can change at any stage on the whim of the ministry of health, they have no obligation to inform you of these changes, it is up to you to ask your GP (who is also not guaranteed to be informed).

Were you told that you had to opt-out, the default is that everyone who is enrolled with a medical practice is opted in. In some cases you may also find that if you opt-out you may loose all your health subsidies.




I attended the presentation/push for the proposed electronic records system  last year.

I expressed my cynicism at the time about their faith in system security having seen it at work in in hospitals. Didn't stop Jessie Ridders radiology records being accessed. Sure they knew who it was because they used their own login details which was stupid.

Questions about security of information being stored overseas was met with rolled eyes.

Yes, I know you had to opt out. I was at the presentation.

My eyes rolled at the " limiited access " to these records to trusted people... So doctors, nurses, district nurses practice nurses, pharmacist, physiotherapy, midwife, occupational therapists, SLT ...all those passwords, all those pc's being left on...

A.


2978 posts

Uber Geek
+1 received by user: 453

Trusted
Subscriber

  Reply # 1132895 20-Sep-2014 20:31
Send private message

Beccara: Hahaha I like how everyone is missing the point that this system was available outside of connected health


Agreed.  There's a giant private WAN link available to healthcare organisations for the sole purpose of making this kind of system available to authorised users.  The problem is that some practices are too cheap to connect in, so all too many systems have to be made available on the public internet.  The MoH really needs to strangle (financially, and maybe literally) any provider who refuses to link to Connected Health.

985 posts

Ultimate Geek
+1 received by user: 155

UberGroup

  Reply # 1132901 20-Sep-2014 20:48
Send private message

I dont blame them given how bad HealthLink are to deal with




Most problems are the result of previous solutions...

All comment's I make are my own personal opinion and do not in any way, shape or form reflect the views of current or former employers unless specifically stated 

 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Microsoft Dynamics 365 Business Central launches
Posted 10-Jul-2018 10:40


Spark completes first milestone in voice platform upgrade
Posted 10-Jul-2018 09:36


Microsoft ices heated developers
Posted 6-Jul-2018 20:16


PB Technologies charged for its extended warranties and warned for bait advertising
Posted 3-Jul-2018 15:45


Almost 20,000 people claim credits from Spark
Posted 29-Jun-2018 10:40


Cove sells NZ's first insurance policy via chatbot
Posted 25-Jun-2018 10:04


N4L helping TAKA Trust bridge the digital divide for Lower Hutt students
Posted 18-Jun-2018 13:08


Winners Announced for 2018 CIO Awards
Posted 18-Jun-2018 13:03


Logitech Rally sets new standard for USB-connected video conference cameras
Posted 18-Jun-2018 09:27


Russell Stanners steps down as Vodafone NZ CEO
Posted 12-Jun-2018 09:13


Intergen recognised as 2018 Microsoft Country Partner of the Year for New Zealand
Posted 12-Jun-2018 08:00


Finalists Announced For Microsoft NZ Partner Awards
Posted 6-Jun-2018 15:12


Vocus Group and Vodafone announce joint venture to accelerate fibre innovation
Posted 5-Jun-2018 10:52


Kogan.com to launch Kogan Mobile in New Zealand
Posted 4-Jun-2018 14:34


Enable doubles fibre broadband speeds for its most popular wholesale service in Christchurch
Posted 2-Jun-2018 20:07



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.