Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




Mad Scientist
18104 posts

Uber Geek
+1 received by user: 2268

Trusted
Lifetime subscriber

Topic # 152221 20-Sep-2014 10:34
Send private message

http://www.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=11328395

 

Police are investigating after attempts were allegedly made to hack a nationwide patient database.

 

In an email obtained by the Otago Daily Times, Southern Primary Health Organisation clinical adviser Keith Abbott, of Dunedin, warned GPs and health organisations about the ''significant hacking attempt'' on September 9.

 

He said the hacker tried to gain access to DrInfo, which is used by health boards, including the Southern District Health Board, medical centres and GPs around the country.

 

''Starting at 11am on September 9, in one case continuously lasting for 12 hours, a single IP [internet protocol] address has made over 20 million attempts to guess the passwords of practices, PHOs and DHBs in New Zealand,'' Dr Abbott said.

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
11014 posts

Uber Geek
+1 received by user: 3454

Trusted
Subscriber

  Reply # 1132587 20-Sep-2014 10:39
Send private message

It sounds pretty good that their system resisted that sort of concerted effort.





177 posts

Master Geek
+1 received by user: 48


  Reply # 1132589 20-Sep-2014 10:43
Send private message

Sure hope their systems blocked the IP after a few attempts - unless the 20 million attempts were after the IP was locked out.

 
 
 
 


Try Wrike: fast, easy, and efficient project collaboration software


Mad Scientist
18104 posts

Uber Geek
+1 received by user: 2268

Trusted
Lifetime subscriber

  Reply # 1132599 20-Sep-2014 10:51
One person supports this post
Send private message

yeah my first reaction was - after 3 attempts you do something - 20 million attempts! gosh

1299 posts

Uber Geek
+1 received by user: 231

Subscriber

  Reply # 1132608 20-Sep-2014 11:07
One person supports this post
Send private message

leaplae: Sure hope their systems blocked the IP after a few attempts - unless the 20 million attempts were after the IP was locked out.


I'm kind of disappointed that they didn't name the location of where there IP address is located.




Laptop: MacBook Pro (15-inch, 2017)

 

Desktop: iMac (27-inch, 2017)

 

Smartphone: iPhone X 256GB 'Space Grey'

 

Additional devices: Apple TV 4K, UniFi Security Gateway + UniFi Access Point AC HD + UniFi Switch US-8 + Cloud Key

 

Services: BigPipe, Skinny Direct

1628 posts

Uber Geek
+1 received by user: 580

Lifetime subscriber

  Reply # 1132632 20-Sep-2014 11:45
Send private message

While the attempt was unsuccessful, this is why I will be opting out of the e record medical system.

Once access gained, search for people prescribed

Dolutegravir/abacavir/lamivudine 

Mifepristine

Peginterferon

Viagra

Etc.

A.





Webhead
1927 posts

Uber Geek
+1 received by user: 577

Trusted
Subscriber

  Reply # 1132641 20-Sep-2014 12:06
Send private message

leaplae: Sure hope their systems blocked the IP after a few attempts - unless the 20 million attempts were after the IP was locked out.


Those kind of attacks are usually distributed now. That means you get a whole bunch of bots (infected computers, usually running Windows), that try to brute force their way in. Its pretty common, for example it is pretty common for WordPress sites to see those kind of distributed brute force attacks.






Mad Scientist
18104 posts

Uber Geek
+1 received by user: 2268

Trusted
Lifetime subscriber

  Reply # 1132643 20-Sep-2014 12:09
2 people support this post
Send private message

Infected computers attacking a health site ... how apocalyptic!

177 posts

Master Geek
+1 received by user: 48


  Reply # 1132685 20-Sep-2014 13:08
Send private message

jarledb:
leaplae: Sure hope their systems blocked the IP after a few attempts - unless the 20 million attempts were after the IP was locked out.


Those kind of attacks are usually distributed now. That means you get a whole bunch of bots (infected computers, usually running Windows), that try to brute force their way in. Its pretty common, for example it is pretty common for WordPress sites to see those kind of distributed brute force attacks.


I know, but this one was from a single IP.

'That VDSL Cat'
7500 posts

Uber Geek
+1 received by user: 1489

Trusted
Spark
Subscriber

  Reply # 1132718 20-Sep-2014 14:10
Send private message

kawaii:
leaplae: Sure hope their systems blocked the IP after a few attempts - unless the 20 million attempts were after the IP was locked out.


I'm kind of disappointed that they didn't name the location of where there IP address is located.


ild expect this was proxied though a IP in another country...


gotta be pretty stupid to do it while exposing your real ip!




#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.


790 posts

Ultimate Geek
+1 received by user: 354

Subscriber

  Reply # 1132773 20-Sep-2014 17:10
One person supports this post
Send private message

afe66: While the attempt was unsuccessful, this is why I will be opting out of the e record medical system.

Once access gained, search for people prescribed

Dolutegravir/abacavir/lamivudine 

Mifepristine

Peginterferon

Viagra

Etc.

A.






Thats nice...... but did you know that when you "opt-out" all your medical records are STILL put into the "cloud" along with everyone else's and they are simply marked as "inaccessible". Your records can NOT be removed or deleted.

Better yet, I opted out with medtech, but that information was never sent to my GP, and it was not easy for him to find where to opt me out.

The cloud goal also keep changing, so what you believed was happening with your information can change at any stage on the whim of the ministry of health, they have no obligation to inform you of these changes, it is up to you to ask your GP (who is also not guaranteed to be informed).

Were you told that you had to opt-out, the default is that everyone who is enrolled with a medical practice is opted in. In some cases you may also find that if you opt-out you may loose all your health subsidies.


Talk DIrtY to me
4201 posts

Uber Geek
+1 received by user: 2240

Trusted
Subscriber

  Reply # 1132801 20-Sep-2014 17:38
Send private message

joker97: http://www.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=11328395

Police are investigating after attempts were allegedly made to hack a nationwide patient database. In an email obtained by the Otago Daily Times, Southern Primary Health Organisation clinical adviser Keith Abbott, of Dunedin, warned GPs and health organisations about the ''significant hacking attempt'' on September 9. He said the hacker tried to gain access to DrInfo, which is used by health boards, including the Southern District Health Board, medical centres and GPs around the country. ''Starting at 11am on September 9, in one case continuously lasting for 12 hours, a single IP [internet protocol] address has made over 20 million attempts to guess the passwords of practices, PHOs and DHBs in New Zealand,'' Dr Abbott said.


Sorry about that, the Enter key on my keyboard was stuck. embarassedembarassedembarassed




Whatifthespacekeyhadneverbeeninvented?


973 posts

Ultimate Geek
+1 received by user: 148

UberGroup

  Reply # 1132829 20-Sep-2014 18:22
Send private message

Hahaha I like how everyone is missing the point that this system was available outside of connected health




Most problems are the result of previous solutions...

All comment's I make are my own personal opinion and do not in any way, shape or form reflect the views of current or former employers unless specifically stated 

1628 posts

Uber Geek
+1 received by user: 580

Lifetime subscriber

  Reply # 1132841 20-Sep-2014 18:40
One person supports this post
Send private message

sir1963:


Thats nice...... but did you know that when you "opt-out" all your medical records are STILL put into the "cloud" along with everyone else's and they are simply marked as "inaccessible". Your records can NOT be removed or deleted.

Better yet, I opted out with medtech, but that information was never sent to my GP, and it was not easy for him to find where to opt me out.

The cloud goal also keep changing, so what you believed was happening with your information can change at any stage on the whim of the ministry of health, they have no obligation to inform you of these changes, it is up to you to ask your GP (who is also not guaranteed to be informed).

Were you told that you had to opt-out, the default is that everyone who is enrolled with a medical practice is opted in. In some cases you may also find that if you opt-out you may loose all your health subsidies.




I attended the presentation/push for the proposed electronic records system  last year.

I expressed my cynicism at the time about their faith in system security having seen it at work in in hospitals. Didn't stop Jessie Ridders radiology records being accessed. Sure they knew who it was because they used their own login details which was stupid.

Questions about security of information being stored overseas was met with rolled eyes.

Yes, I know you had to opt out. I was at the presentation.

My eyes rolled at the " limiited access " to these records to trusted people... So doctors, nurses, district nurses practice nurses, pharmacist, physiotherapy, midwife, occupational therapists, SLT ...all those passwords, all those pc's being left on...

A.


2940 posts

Uber Geek
+1 received by user: 428

Trusted
Subscriber

  Reply # 1132895 20-Sep-2014 20:31
Send private message

Beccara: Hahaha I like how everyone is missing the point that this system was available outside of connected health


Agreed.  There's a giant private WAN link available to healthcare organisations for the sole purpose of making this kind of system available to authorised users.  The problem is that some practices are too cheap to connect in, so all too many systems have to be made available on the public internet.  The MoH really needs to strangle (financially, and maybe literally) any provider who refuses to link to Connected Health.

973 posts

Ultimate Geek
+1 received by user: 148

UberGroup

  Reply # 1132901 20-Sep-2014 20:48
Send private message

I dont blame them given how bad HealthLink are to deal with




Most problems are the result of previous solutions...

All comment's I make are my own personal opinion and do not in any way, shape or form reflect the views of current or former employers unless specifically stated 

 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Amazon launches the International Shopping Experience in the Amazon Shopping App
Posted 19-Apr-2018 08:38


Spark New Zealand and TVNZ to bring coverage of Rugby World Cup 2019
Posted 16-Apr-2018 06:55


How Google can seize Microsoft Office crown
Posted 14-Apr-2018 11:08


How back office transformation drives IRD efficiency
Posted 12-Apr-2018 21:15


iPod laws in a smartphone world: will we ever get copyright right?
Posted 12-Apr-2018 21:13


Lightbox service using big data and analytics to learn more about customers
Posted 9-Apr-2018 12:11


111 mobile caller location extended to iOS
Posted 6-Apr-2018 13:50


Huawei announces the HUAWEI P20 series
Posted 29-Mar-2018 11:41


Symantec Internet Security Threat Report shows increased endpoint technology risks
Posted 26-Mar-2018 18:29


Spark switches on long-range IoT network across New Zealand
Posted 26-Mar-2018 18:22


Stuff Pix enters streaming video market
Posted 21-Mar-2018 09:18


Windows no longer Microsoft’s main focus
Posted 13-Mar-2018 07:47


Why phone makers are obsessed with cameras
Posted 11-Mar-2018 12:25


New Zealand Adopts International Open Data Charter
Posted 3-Mar-2018 12:48


Shipments tumble as NZ phone upgrades slow
Posted 2-Mar-2018 11:48



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.