Geekzone: technology news, blogs, forums
Technofreak
6530 posts

Uber Geek

Trusted

  #2712940 25-May-2021 18:00

BlinkyBill:

RadioNZ just read out some medical records, payroll info, and letters from Snee, on air. Sent to media outlets from the criminals.



Let them release the lot. In fact challenge them to do so. Make it obvious it doesn't matter. That way their threat has no value and therefore releasing it isn't going to benefit the criminals. Thus they probably won't release it.




Sony Xperia XA2 running Sailfish OS. https://sailfishos.org The true independent open source mobile OS 
Samsung Galaxy Tab S6
Dell Inspiron 14z i5




frankv
5680 posts

Uber Geek

Lifetime subscriber

  #2713100 26-May-2021 09:24

Technofreak:
BlinkyBill:

 

RadioNZ just read out some medical records, payroll info, and letters from Snee, on air. Sent to media outlets from the criminals.

 



Let them release the lot. In fact challenge them to do so. Make it obvious it doesn't matter. That way their threat has no value and therefore releasing it isn't going to benefit the criminals. Thus they probably won't release it.

 

Whilst your data isn't sensitive, that isn't true for everyone.

 

Instead of selling it back to the DHB, they could sell it to Google or Facebook or [insert your favourite data aggregator]. Or to Southern Cross Health Insurance.

 

 

 

 


dafman
3925 posts

Uber Geek

Trusted

  #2713112 26-May-2021 10:01

Technofreak:

 

Let them release the lot. In fact challenge them to do so. Make it obvious it doesn't matter.

 

 

It might matter, a lot, to many of the patients whose data they hold.

 

Hospitals carry out a lot of sensitive services, e.g. abortions, mental health, physical abuse injuries etc.




Beccara
1469 posts

Uber Geek

ID Verified

  #2713121 26-May-2021 10:24

Yeah that's never, ever, ever going to happen. Privacy Act/Health Information Privacy Code/HISF would crucify any person or team that did that. You'd be setting back healthcare trust decades, many people I'd wager would rather the ransom paid than their data end up on dark Wikileaks.





Most problems are the result of previous solutions...

All comments I make are my own personal opinion and do not in any way, shape or form reflect the views of current or former employers unless specifically stated 

afe66
3181 posts

Uber Geek

Lifetime subscriber

  #2713126 26-May-2021 10:46

I get spam frequently to my hdb outlook address.

One of the things that frustrates me is the default view on my Outlook just shows the name, not the full email address, which screams spam unless you go to the extra step of clicking and asking for the full address to be displayed.

I seriously doubt pbtech is involved in rollout of Office as an example....

PS. Can you change the view so the full address is displayed by default?

alasta
6703 posts

Uber Geek

Trusted
Subscriber

  #2713129 26-May-2021 10:53

As someone with limited IT skills, I am quite fascinated by the suggestion that something like this could be kicked off by a staff member clicking on a malicious email attachment. 

 

Scam emails are becoming increasingly sophisticated and convincing and it seems unrealistic to assume that no one within a large organisation will ever make a misjudgment, even if they are educated about cyber security. It really scares me that IT departments seem to be running around telling people that there is no way that this dangerous single point of failure can be mitigated. 

 

If that is true then large organisations better hope that they have seriously solid business continuity plans for major IT systems outages. 


Beccara
1469 posts

Uber Geek

ID Verified

  #2713134 26-May-2021 11:06

If, and this is a big IF, you are up against a state level APT group then yes, a single email will bring you down and there is almost nothing you can do to stop them. People who are willing to drop 0-days against you that would fetch $250k/500k/1mil+ on the black market are scary and really are the IT boogieman. It's rare for such a group to have you in their sights tho, and 9/10 even advanced phishing attempts are going to have more automated payloads that trigger systems using known exploits.

 

A fully staffed SOC with actively monitored IDS/SIEM solution might catch it early enough to keep sections of the org running but remember, computers that were disconnected from the internet and isolated away still got pwned when a state level actor wanted to get to them (Stuxnet). Many people can't comprehend the difference between the call center scammers and APT groups, it's like the difference between dealing with a gang and dealing with a US SEAL team.





Most problems are the result of previous solutions...

All comments I make are my own personal opinion and do not in any way, shape or form reflect the views of current or former employers unless specifically stated 

frankv
5680 posts

Uber Geek

Lifetime subscriber

  #2713137 26-May-2021 11:14

Beccara:

 

Yeah that's never, ever, ever going to happen. Privacy Act/Health Information Privacy Code/HISF would crucify any person or team that did that. You'd be setting back healthcare trust decades, many people I'd wager would rather the ransom paid than their data end up on dark Wikileaks.

 

 

Yeah. But it's not an either/or. It could be that the ransom is paid and the data is sold to dark Wikileaks anyway.

 

How much do you trust a criminal? Their moral compass is clearly somewhat different to ours, particularly that they're willing to set healthcare trust back by decades to make a few bucks. I guess a career kidnapper would probably want to always deliver on his end of the bargain when the ransom is paid, because it improves the chances of getting his next ransom. But you don't know exactly who you're dealing with here. And, unlike a human kidnapping, you also don't know if a copy of the data is retained for on-sale to a third party.

 

I think that the criminals' strategy here was way off, however. If they'd made their threat without bringing down the network, the DHB might have quietly paid the ransom. I'd guess that they've already lost more than the ransom in lost productivity and patient trust.

 

 


networkn
Networkn
32350 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #2713139 26-May-2021 11:20

The thing is, with ransomware, if it becomes common knowledge that paying won't get your data back, then there is no motivation to pay ever. I have heard of Ransomware Groups who acted against rogue ransomware groups who had 2-3 goes at a target, or who didn't give back the data.

 

If you don't believe you'll get your data back, you won't pay, it's simple.

 

In every case we have managed on behalf of clients who have paid, data has been recovered. I am not saying there aren't exceptions, but the entire premise disappears if people don't trust they can get their data back.

 

 


Batman
Mad Scientist
29761 posts

Uber Geek

Trusted
Lifetime subscriber

  #2713143 26-May-2021 11:52

This is very concerning. What will happen when we have one national everything.....

SATTV
1648 posts

Uber Geek

ID Verified

  #2713150 26-May-2021 12:20

Batman: This is very concerning. What will happen when we have one national everything.....

 

You are not wrong there, my wife was brought up to Auckland Hospital yesterday from Waikato Hospital (broken ankle) and in the ambulance there was a patient they were bringing up for cancer treatment (now understand given the article in today's paper).

 

I was speaking to a Nurse in CDU and they said they are only accepting paper from Waikato, the Auckland DHB is blocking all emails (and patient records) from Waikato as they do not trust what is back up and running just yet.

 

If all hospitals are on the same system and this happens again (I am sure it will) then it will be chaos NZ wide.

 

John





I know enough to be dangerous


afe66
3181 posts

Uber Geek

Lifetime subscriber

  #2713158 26-May-2021 12:34

Some software in Dunedin is hosted and run from Christchurch hospital so a couple of months back when Chch fell over so did Dunedin and I assume Invercargill.


dafman
3925 posts

Uber Geek

Trusted

  #2713164 26-May-2021 13:05

Batman: This is very concerning. What will happen when we have one national everything.....

 

What will happen when we have one global everything ... the internet of things.

 

One single point of failure. For everything.


Batman
Mad Scientist
29761 posts

Uber Geek

Trusted
Lifetime subscriber

  #2713181 26-May-2021 13:54

Aren't we talking about "intranet" here as opposed to Internet?

The beauty of Internet is if we have counter hackers we should be able to counter attack.

Batman
Mad Scientist
29761 posts

Uber Geek

Trusted
Lifetime subscriber

  #2713184 26-May-2021 13:55

SATTV:

Batman: This is very concerning. What will happen when we have one national everything.....


You are not wrong there, my wife was brought up to Auckland Hospital yesterday from Waikato Hospital (broken ankle) and in the ambulance there was a patient they were bringing up for cancer treatment (now understand given the article in today's paper).


I was speaking to a Nurse in CDU and they said they are only accepting paper from Waikato, the Auckland DHB is blocking all emails (and patient records) from Waikato as they do not trust what is back up and running just yet.


If all hospitals are on the same system and this happens again (I am sure it will) then it will be chaos NZ wide.


John



Not accepting emails from Waikato. Wow, good point though. That means far from resolved.
