Geekzone: technology news, blogs, forums
frankv
5680 posts

Uber Geek

Lifetime subscriber

  #2713589 27-May-2021 08:29

Oswold:
Batman: Is it possible to encrypt data such that if hacked it cannot be read?


I too would like to know this?
If the data is encrypted at rest then if they did get the data all the private info would be encrypted and unreadable, technically speaking?

 

Encrypted at rest means that if the media (e.g. HDD, SSD) is stolen, it cannot be read. (Except perhaps by Mossad or the NSA or Chinese or Russian or who knows what other intelligence agency).

 

But it does need to be readable by humans, so there will be an en/decryption layer on servers and/or other devices. When someone logs in, it will enable that layer, and all disk reads/writes will go through that. Reads will be decrypted, and writes will be encrypted. If the criminals have access via that decryption pathway (e.g. their app is run by a user with valid credentials), then they will be able to read the data and, depending on the permissions of the user, change it. Obviously?? if they can save data encrypted with a different encryption key to be able to hold the owner to ransom and eventually restore the data, they must already have access to read it unencrypted.

 

 

 

 




Beccara
1469 posts

Uber Geek

ID Verified

  #2713604 27-May-2021 08:42

There's a saying in cryptography: "Don't roll your own crypto". It's incredibly hard to implement encryption securely, and one small chink in the armor brings the whole thing down most of the time.

 

A classic example of this was Windows and BitLocker, which would let you encrypt your hard drive (encrypted at rest, as Frankv explained). The trouble for MS was that, in order to not make this horribly slow, it would default to using the hard drive's firmware to "encrypt" the data, which was perfectly fine except a few hard drive vendors used keys which were basically 000000000000000000000. MS was basically forced to change the default to software encryption because of it. SSL used in HTTPS also has a few good examples of issues, with CAs acting poorly threatening the trust/security of HTTPS.





Most problems are the result of previous solutions...

All comments I make are my own personal opinion and do not in any way, shape or form reflect the views of current or former employers unless specifically stated.

Sideface
9357 posts

Uber Geek

Trusted
DR
Lifetime subscriber

  #2713676 27-May-2021 11:25

Guess which DHB is still using Windows 7? ...

 

Radio NZ - Waikato DHB cyber attack: 'Lack of urgency'

 

today

 


National Party deputy leader and a former lecturer in cyber security, Dr Shane Reti, said there had been a lack of urgency across parts of the government over cyber security.

 

It has been nine days since the ransomware attack on the Waikato DHB.

 

But speaking to Morning Report, Reti said generally by day three organisations would know if information had been compromised.

 

"What I wasn't seeing across the sector was regular cyber security training. We know that there were some issues at Waikato DHB ... they were having a slow migration to Windows 10."

 

"They had lowered their peripheral firewall to Outlook 365 so you can access external email servers like Hotmail and Gmail."

 



 

Disclaimer - I am not a National Party supporter.





Sideface




1101
3122 posts

Uber Geek


  #2713695 27-May-2021 12:12

Sideface:

 

Guess which DHB is still using Windows 7? ...

 

 

Win7, Win10. I bet it wouldn't have mattered either way.
Malware gets past even 100% updated & patched OS's & AV's.

I suspect there's much more to this story than the media know about.
There must be a reason their IT still have systems down & locked out. Too many workstations potentially compromised for them to deal with?
Too many obsolete OS's & software for them to risk bringing back online now?

 

 


networkn
Networkn
32351 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #2713702 27-May-2021 12:31

It's not just about restoring the systems, that is time-consuming enough, it's about ensuring that they won't end up hit again in a couple of days or weeks by dormant hooks embedded in their system going forward.

 

If they cannot be certain of that, then they likely may take the opportunity to 'start fresh' and that means building again from scratch and restoring data only, rather than entire systems completely.

 

What you are hearing from the press and the organization itself is likely a fraction of what is being done, discovered, and dealt with, entirely. There are good reasons for that to be kept from the press.

 

Also take into account that vendors from various systems and providers may need to be involved, each with their own set of requirements, time frames and availability.

 

Most people will never comprehend the size of the nightmare that something like this is, and the cost is likely to be massive.

 

 

 

 

 

 


Batman
Mad Scientist
29763 posts

Uber Geek

Trusted
Lifetime subscriber

  #2713709 27-May-2021 12:37

1101:

 

Sideface:

 

Guess which DHB is still using Windows 7? ...

 

 

Win7, Win10. I bet it wouldn't have mattered either way.
Malware gets past even 100% updated & patched OS's & AV's.

I suspect there's much more to this story than the media know about.
There must be a reason their IT still have systems down & locked out. Too many workstations potentially compromised for them to deal with?
Too many obsolete OS's & software for them to risk bringing back online now?

 

 

 

 

I'd love to know how it happened. Just curious, for no other reason.


shrub
775 posts

Ultimate Geek

ID Verified

  #2713785 27-May-2021 13:16

I'm picking the hackers had access to critical servers for a few days/weeks prior to the big shut down. Will be very interesting to see what comes out of this for other DHBs and government departments. I suspect we will see more intranet-biased systems and difficulties doing daily tasks.

 
 
 

cruxis
481 posts

Ultimate Geek


  #2713804 27-May-2021 13:54

This hack shows that "No questions asked" covid vaccinations need to happen after group 4 for those who don't want to be on another DHB database.


frankv
5680 posts

Uber Geek

Lifetime subscriber

  #2713805 27-May-2021 13:55

shrub: Will be very interesting to see what comes out of this for other DHBs and government departments. I suspect we will see more intranet-biased systems and difficulties doing daily tasks.

 

I'm picking that the amble towards the Cloud will become a charge (in the mistaken belief that all the security is built-in) or a rout (because if you have a problem, you need to disconnect from the Internet, and lose all your Cloud data and apps).

 

 


frankv
5680 posts

Uber Geek

Lifetime subscriber

  #2713815 27-May-2021 14:09

cruxis:

 

This hack shows that "No questions asked" covid vaccinations need to happen after group 4 for those who don't want to be on another DHB database.

 

 

I don't think that immunisations go onto the DHB clinical database, but that may vary from one DHB to another. But if they do, they'll likely go into the same database as most other clinical information. If you've had a lab test or radiology image or been treated at a hospital, you will already be in the DHB database. So, for 99.99% of people a covid vaccination will make no difference to whether you're in a DHB database or not.

 

I believe that there is a single national database run by the MoH for covid immunisations. You might only go into that when you're vaccinated. But almost certainly not... more likely you're already in it, or you'll be added when you're invited, or request a vaccination.

 

"No questions asked" will never be a thing unless we already have herd immunity. Because it's a public health issue to be able to identify those who have been immunised and those who haven't.

 

 


cruxis
481 posts

Ultimate Geek


  #2713818 27-May-2021 14:30

I agree it won't happen this year.  Maybe in 2022 or 2023. I hope it becomes just like buying a flu shot is today.


wellygary
8325 posts

Uber Geek


  #2713823 27-May-2021 14:57

cruxis:

 

I agree it won't happen this year.  Maybe in 2022 or 2023. I hope it becomes just like buying a flu shot is today.

 

 

Flu shots are recorded on the National Immunisation Register.. even walk ups 

 

https://www.influenza.org.nz/recording-influenza-vaccinations-nir

 

 


  #2713839 27-May-2021 14:59

ezbee:
Maybe as a loyal five eyes partner we can ask CIA nicely to see if they can decrypt our data, being friends it does not matter if they keep a copy.

 

Wrong TLA, it'd be the NSA not the CIA.
The CIA are spies, theoretically always outside the USA.
The NSA are the crypto folks

 

 

 

ezbee: It was said on RNZ that Waikato DHB had not been doing its yearly tests on its backup and restore systems.

 

Sigh.
Eminently believable.
Doing test restores requires 'spare' servers with lots of disk space to restore onto, also IT folks to do the work, and clued-up users to run tests to make sure the restored data still 'works'
$$$$$$$$$$


tripper1000
1617 posts

Uber Geek


  #2713861 27-May-2021 15:42

cruxis: This hack shows that "No questions asked" covid vaccinations need to happen after group 4 for those who don't want to be on another DHB database.

 

The premise being that hackers can really use your vaccination data for some kind of gain - ??!! 

 

If you've had any interaction whatsoever with the health system, you already have an NHI number for them to co-ordinate your health records. Anyone who had a covid swab will have seen that in the confirmation SMS's.

 

 

 

 


wellygary
8325 posts

Uber Geek


  #2713862 27-May-2021 15:47

"The health board was working through about 680 computer servers that needed to be sanitised, restored, and brought back online, he said."

 

https://www.stuff.co.nz/national/politics/125260696/waikato-dhb-cyber-attack-it-could-take-weeks-to-resurrect-nearly-700-computer-servers

 

680 servers?? That sounds like a huge number... but it sounds too many for a server count?? but too small as a workstation count...

