Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




Mad Scientist
19340 posts

Uber Geek
+1 received by user: 2531

Trusted
Lifetime subscriber

Topic # 152221 20-Sep-2014 10:34
Send private message

http://www.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=11328395

 

Police are investigating after attempts were allegedly made to hack a nationwide patient database.

 

In an email obtained by the Otago Daily Times, Southern Primary Health Organisation clinical adviser Keith Abbott, of Dunedin, warned GPs and health organisations about the ''significant hacking attempt'' on September 9.

 

He said the hacker tried to gain access to DrInfo, which is used by health boards, including the Southern District Health Board, medical centres and GPs around the country.

 

''Starting at 11am on September 9, in one case continuously lasting for 12 hours, a single IP [internet protocol] address has made over 20 million attempts to guess the passwords of practices, PHOs and DHBs in New Zealand,'' Dr Abbott said.




Swype on iOS is detrimental to accurate typing. Apologies in advance.


View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
12153 posts

Uber Geek
+1 received by user: 3965

Trusted
Lifetime subscriber

  Reply # 1132587 20-Sep-2014 10:39
Send private message

It sounds pretty good that their system resisted that sort of concerted effort.





179 posts

Master Geek
+1 received by user: 49


  Reply # 1132589 20-Sep-2014 10:43
Send private message

Sure hope their systems blocked the IP after a few attempts - unless the 20 million attempts were after the IP was locked out.

 
 
 
 




Mad Scientist
19340 posts

Uber Geek
+1 received by user: 2531

Trusted
Lifetime subscriber

  Reply # 1132599 20-Sep-2014 10:51
One person supports this post
Send private message

yeah my first reaction was - after 3 attempts you do something - 20 million attempts! gosh




Swype on iOS is detrimental to accurate typing. Apologies in advance.


1419 posts

Uber Geek
+1 received by user: 269

Subscriber

  Reply # 1132608 20-Sep-2014 11:07
One person supports this post
Send private message

leaplae: Sure hope their systems blocked the IP after a few attempts - unless the 20 million attempts were after the IP was locked out.


I'm kind of disappointed that they didn't name the location of where there IP address is located.




Laptop: MacBook Pro (15-inch, 2017)
Desktop: iMac (27-inch, 2017)
Smartphone: iPhone Xs Max 256GB 'Space Grey'
Additional devices: Unifi Security Gateway, Unifi Switch, Unifi AP AC HD, Unifi Cloud Key, Apple TV 4K 64GB
Services: iCloud, YouTube Premium, Wordpress, Skinny

 


1876 posts

Uber Geek
+1 received by user: 686

Lifetime subscriber

  Reply # 1132632 20-Sep-2014 11:45
Send private message

While the attempt was unsuccessful, this is why I will be opting out of the e record medical system.

Once access gained, search for people prescribed

Dolutegravir/abacavir/lamivudine 

Mifepristine

Peginterferon

Viagra

Etc.

A.





Webhead
2146 posts

Uber Geek
+1 received by user: 708

Moderator
Trusted
Lifetime subscriber

  Reply # 1132641 20-Sep-2014 12:06
Send private message

leaplae: Sure hope their systems blocked the IP after a few attempts - unless the 20 million attempts were after the IP was locked out.


Those kind of attacks are usually distributed now. That means you get a whole bunch of bots (infected computers, usually running Windows), that try to brute force their way in. Its pretty common, for example it is pretty common for WordPress sites to see those kind of distributed brute force attacks.






Mad Scientist
19340 posts

Uber Geek
+1 received by user: 2531

Trusted
Lifetime subscriber

  Reply # 1132643 20-Sep-2014 12:09
2 people support this post
Send private message

Infected computers attacking a health site ... how apocalyptic!




Swype on iOS is detrimental to accurate typing. Apologies in advance.


179 posts

Master Geek
+1 received by user: 49


  Reply # 1132685 20-Sep-2014 13:08
Send private message

jarledb:
leaplae: Sure hope their systems blocked the IP after a few attempts - unless the 20 million attempts were after the IP was locked out.


Those kind of attacks are usually distributed now. That means you get a whole bunch of bots (infected computers, usually running Windows), that try to brute force their way in. Its pretty common, for example it is pretty common for WordPress sites to see those kind of distributed brute force attacks.


I know, but this one was from a single IP.

'That VDSL Cat'
9077 posts

Uber Geek
+1 received by user: 1993

Trusted
Spark
Subscriber

  Reply # 1132718 20-Sep-2014 14:10
Send private message

kawaii:
leaplae: Sure hope their systems blocked the IP after a few attempts - unless the 20 million attempts were after the IP was locked out.


I'm kind of disappointed that they didn't name the location of where there IP address is located.


ild expect this was proxied though a IP in another country...


gotta be pretty stupid to do it while exposing your real ip!




#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.


813 posts

Ultimate Geek
+1 received by user: 360


  Reply # 1132773 20-Sep-2014 17:10
One person supports this post
Send private message

afe66: While the attempt was unsuccessful, this is why I will be opting out of the e record medical system.

Once access gained, search for people prescribed

Dolutegravir/abacavir/lamivudine 

Mifepristine

Peginterferon

Viagra

Etc.

A.






Thats nice...... but did you know that when you "opt-out" all your medical records are STILL put into the "cloud" along with everyone else's and they are simply marked as "inaccessible". Your records can NOT be removed or deleted.

Better yet, I opted out with medtech, but that information was never sent to my GP, and it was not easy for him to find where to opt me out.

The cloud goal also keep changing, so what you believed was happening with your information can change at any stage on the whim of the ministry of health, they have no obligation to inform you of these changes, it is up to you to ask your GP (who is also not guaranteed to be informed).

Were you told that you had to opt-out, the default is that everyone who is enrolled with a medical practice is opted in. In some cases you may also find that if you opt-out you may loose all your health subsidies.


4552 posts

Uber Geek
+1 received by user: 2521

Trusted

  Reply # 1132801 20-Sep-2014 17:38
Send private message

joker97: http://www.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=11328395

Police are investigating after attempts were allegedly made to hack a nationwide patient database. In an email obtained by the Otago Daily Times, Southern Primary Health Organisation clinical adviser Keith Abbott, of Dunedin, warned GPs and health organisations about the ''significant hacking attempt'' on September 9. He said the hacker tried to gain access to DrInfo, which is used by health boards, including the Southern District Health Board, medical centres and GPs around the country. ''Starting at 11am on September 9, in one case continuously lasting for 12 hours, a single IP [internet protocol] address has made over 20 million attempts to guess the passwords of practices, PHOs and DHBs in New Zealand,'' Dr Abbott said.


Sorry about that, the Enter key on my keyboard was stuck. embarassedembarassedembarassed




Whatifthespacekeyhadneverbeeninvented?


999 posts

Ultimate Geek
+1 received by user: 168

UberGroup

  Reply # 1132829 20-Sep-2014 18:22
Send private message

Hahaha I like how everyone is missing the point that this system was available outside of connected health




Most problems are the result of previous solutions...

All comment's I make are my own personal opinion and do not in any way, shape or form reflect the views of current or former employers unless specifically stated 

1876 posts

Uber Geek
+1 received by user: 686

Lifetime subscriber

  Reply # 1132841 20-Sep-2014 18:40
One person supports this post
Send private message

sir1963:


Thats nice...... but did you know that when you "opt-out" all your medical records are STILL put into the "cloud" along with everyone else's and they are simply marked as "inaccessible". Your records can NOT be removed or deleted.

Better yet, I opted out with medtech, but that information was never sent to my GP, and it was not easy for him to find where to opt me out.

The cloud goal also keep changing, so what you believed was happening with your information can change at any stage on the whim of the ministry of health, they have no obligation to inform you of these changes, it is up to you to ask your GP (who is also not guaranteed to be informed).

Were you told that you had to opt-out, the default is that everyone who is enrolled with a medical practice is opted in. In some cases you may also find that if you opt-out you may loose all your health subsidies.




I attended the presentation/push for the proposed electronic records system  last year.

I expressed my cynicism at the time about their faith in system security having seen it at work in in hospitals. Didn't stop Jessie Ridders radiology records being accessed. Sure they knew who it was because they used their own login details which was stupid.

Questions about security of information being stored overseas was met with rolled eyes.

Yes, I know you had to opt out. I was at the presentation.

My eyes rolled at the " limiited access " to these records to trusted people... So doctors, nurses, district nurses practice nurses, pharmacist, physiotherapy, midwife, occupational therapists, SLT ...all those passwords, all those pc's being left on...

A.


3044 posts

Uber Geek
+1 received by user: 467

Trusted
Subscriber

  Reply # 1132895 20-Sep-2014 20:31
Send private message

Beccara: Hahaha I like how everyone is missing the point that this system was available outside of connected health


Agreed.  There's a giant private WAN link available to healthcare organisations for the sole purpose of making this kind of system available to authorised users.  The problem is that some practices are too cheap to connect in, so all too many systems have to be made available on the public internet.  The MoH really needs to strangle (financially, and maybe literally) any provider who refuses to link to Connected Health.

999 posts

Ultimate Geek
+1 received by user: 168

UberGroup

  Reply # 1132901 20-Sep-2014 20:48
Send private message

I dont blame them given how bad HealthLink are to deal with




Most problems are the result of previous solutions...

All comment's I make are my own personal opinion and do not in any way, shape or form reflect the views of current or former employers unless specifically stated 

 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Geekzone Live »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.