Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Crime Security Medicine The Almighty Buck IT

Months After Hacks, DHS Sends a Warning About Hospital Ransomware (vice.com) 59

An anonymous reader writes: Since February, at least a dozen hospitals have been affected by ransomware, malware that encrypts a victim's files until they cough up a bounty to the hackers. In response, US-CERT, the country's Computer Emergency Readiness Team, issued an alert on March 31 warning potential victims of the risks, and how to protect themselves. But, considering that some hospitals have already had to divert emergency services, push high-risk operations to future dates, and even turn away some patients, is the alert too little, too late?
This discussion has been archived. No new comments can be posted.

Months After Hacks, DHS Sends a Warning About Hospital Ransomware

Comments Filter:
  • by JoeyRox ( 2711699 ) on Friday April 01, 2016 @11:46AM (#51824071)
    To Hospital Facility,

    Hello, my name is Mandori Tugelli, and I am a foreign national from the country of Nigeria. With great sadness and events my great uncle has passed away. To help in my sorrow I have learned that my uncle has left me a very large inheritance. Unfortunately to collect this money I require the help of a USA business such as yours because my uncle left all his funds in US Dollars. If you could kindly click the link provided below and fill out the banking information for you business I will gladly offer you 50% of the proceeds for helping me collect my inheritance.

    Kind Regards,

    Mr. Mandori Tugelli
    • Mandori Tugelli,

      After our bill your uncle inheritance is -$50K and we are willing to wave the -$50K. Sorry for your loss.

    • Where is the link? I would love to help!
    • Please send link! I must click on it!
      • by KGIII ( 973947 )

        I am currently having an email conversation (it has gone on for almost two weeks now) with some Chinese spammer. So far, so good but I'm not really sure where to go with it. They make glass doors. I'm thinking about having them send me a sample.

  • Someone is fucking lying. Nevermind, I've been told everyone is fucking lying.
  • Interesting (Score:4, Interesting)

    by The-Ixian ( 168184 ) on Friday April 01, 2016 @11:51AM (#51824095)

    I happened to be watching broadcast TV yesterday and I saw a PSA put on by some kind of law enforcement organization.

    The PSA was about public wifi hotspots and told people to turn off their wifi when they leave the house and if you do connect to a public wifi hotspot, don't do e-commerce or other sensitive transactions.

    I was floored. It was such a good and informative message I couldn't believe its source.

    Perhaps there is a governmental push for these types of messages now...

    • I just use SSL. My browser loses its shit if my bank or Amazon uses a non-verisigned SSL certificate, and I don't put my credit card number in crazy.
  • Obligatory loosely-related Monty Python bit [youtube.com]: Now I know some hospitals where you get the patients lying around in bed... well that's not how we do things here, right!

  • Why not, CERT? Don't you think this is relevant?

  • what a SLASHVERTISEMENT is?

    • by sims 2 ( 994794 )

      Alright! Now /. Is being more clear with their advertising.

      Although I didn't expect to find out that every single post was paid.

      SLASHVERTISEMENT: What /. users call paid (aka sponsored) posts that are not identified as such...Except today!

    • It's simply an anagram for "Heavers Smelt Nits." (Isn't that mostly what we do here?)

      • Or maybe it's a commentary on Candidate Trump, and Former Candidate Rubio for trying to beat him at his own game: "Statesmen Shrivel"

        • Or maybe part of the endless Vim vs. Emacs debate: Vim fans tout "the Vim's alertness" and Emacs folks, tired of hearing it, respond with "threaten less Vims" and are relieved to hear that The Prophet Stallman "reseals tenth Vims" just in time to avert the coming apocalypse.

  • STOP USING XP (Score:4, Informative)

    by Billly Gates ( 198444 ) on Friday April 01, 2016 @12:13PM (#51824221) Journal

    I for one refuse to work for hospitals. Not only do they treat IT like plumbers and do not respect them if they have no PHD, but they run XP SP 2 ... SP 3 might be ready someday??! They use IE 6 and IE 7. Their cisco routers are turn of the century and still BSD Unix based.

    Oh and it is IT's fault if they get ransomware.

    The whole FDA certification created this mess! But worse, insurance companies are nickle and diming their budgets. If XP works DON"T touch it.

    If people used WIndows 8/10 (yeah it looks funny boo hiss ) with secureboot it wouldn't load half of these ransomware as rootkits could be blocked.

    A lesson here for those who use XP with no updates with a smile :-) ... if it happened to them it could happen to you.

    • by Anonymous Coward

      That's an insult to plumbers. Most IT people are lazy and useless, don't understand the technology they are supposed to support, and have zero communication skills!

    • by Anonymous Coward

      It is IT's fault. You are the morons letting exe, bat, and other file types through to your users. In addition, you are the same IT morons who are too stupid/lazy to segment your networks. Most of those PC's are using T/S. There is no reason that the terminal server should be on the same network with the PCs.

      You add no cost to segment your network but you're simply to lazy or lack education; both of which indicate you shouldn't be in the field.

      Many of them I've met wouldn't even make good Walmart greete

      • by Anonymous Coward

        The recent Medstar incident was due to an unpatched exploit in JBOSS that's been known for over a year on a public facing web server. It had zero to do with stupid users or email. Medstar has an interim CIO who's first order of business was budget cuts. Guess which got cut first? If you said IT Security you win a cookie.

        And I'm told things are a lot worse there than Medstar is saying. And critical patient records are definitely inaccessible.

    • by Anonymous Coward

      You have one government agency telling you that you cannot update your software/systems until they are FDA certified, you have another government agency telling you that you should upgrade your systems immediately to prevent attack, you have vendors that are non-responsive when it comes to upgrading their systems because "it works", not to mention the cost to upgrade is so high. Also these systems have to be on the network to download and upload data...

    • by plover ( 150551 )

      The credit card sector figured out how to incorporate patching into their requirements - not applying regular patches means no PCI certification. The FDA has to climb into this millennium and start requiring the ongoing patching of medical systems as well. And that means everything from nurse's station PCs to ultrasound units to drug pumps.

      This is how I see it (roughly estimating the numbers):

      A machine with an FDA-approved configuration performs safely 99.99% or more of the time.
      FDA approval is needed for

  • by Dunbal ( 464142 ) * on Friday April 01, 2016 @01:49PM (#51824751)
    I find it amazing that none of these hospitals are making regular backups of their files. Storage is not the expensive part.
  • by SecurityGuy ( 217807 ) on Friday April 01, 2016 @01:58PM (#51824789)

    Ransomware has been around for quite a long time. The solution (backups, training, patching, etc) have, too. So am I upset that DHS hasn't already issued a warning about a threat that's been around longer than DHS? No. Anybody responsible for medical IT security already knows. Now, whether they're actually allowed to do anything about it may be a different story entirely.

  • Comment removed based on user account deletion
  • by Rick Zeman ( 15628 ) on Friday April 01, 2016 @08:27PM (#51826131)

    Anyone who reads US-CERT alerts probably wouldn't be in their predicament to begin with.

  • The solution is to totally ban Microsoft Windows in Hospitals:

    "Microsoft excludes all implied warranties and conditions, including those of merchantability, fitness for a particular purpose, and non-infringement." ref [microsoft.com]

Genius is ten percent inspiration and fifty percent capital gains.

Working...