UK hospital meltdown after ransomware worm uses NSA vuln to raid IT

UK hospitals have effectively shut down and are turning away non-emergency patients after ransomware ransacked its networks. Some 16 NHS organizations across Blighty – including several hospital trusts such as NHS Mid-Essex CCG and East and North Hertfordshire – have had their files scrambled by a variant of the WannaCrypt, …

      1. alain williams Silver badge

        Re: Using Windows?

        We use Windows PCs because a lot of the dedicated software we use won't run on anything else.

        Aw, come on! The NHS is a large enough customer that if they wanted it on a Linux or BSD system the supplier would do the port.

        1. MisterHappy

          Re: Using Windows?

          With few exceptions the NHS is not a single large organisation, it is made up of lots and lots of Trusts & surgeries that are all responsible for their own IT systems.

          1. Pen-y-gors

            Re: Using Windows?

            @MisterHappy

            "With few exceptions the NHS is not a single large organisation, it is made up of lots and lots of Trusts & surgeries that are all responsible for their own IT systems."

            Remind me again, how did such an odd and inefficient system come to pass?

            1. MisterHappy

              Re: Using Windows?

              Someone in government decided that it would 'save money' to make each and every Trust/Surgery/Dentist etc responsible for their own budgets. There are a few NHS purchasing consortia but this is typically for consumables & not IT systems.

            2. Tom Paine

              Re: Using Windows?

              That's more or less how it's always been since 1947.

            3. AlbertH

              Re: Using Windows?

              Remind me again, how did such an odd and inefficient system come to pass?

              A clue for you..... The NHS began in 1948. Who was in government in 1948?

              Most NHS computer systems were installed in the early 2000s..... Who was in government in 2000...?

              Who got a nice house bought for him in Eaton Square SW1 by Bill Gates? Clue: He was Prime Minister in 2001......

              1. InNY

                Re: Using Windows?

                what a load of bollocks.

                The NHS was created by popular demand after the 2nd World War because the men and women who went to war, to defend the free democracies, didn't want to return to a system that punished them for being poor or "just about managing". They wanted a society where equality in the provision of society's services was equal for everyone. - do your homework - look up the Beveridge Report 1942

                Most NHS systems were not installed in 2000. They were installed well before - they were extended in the late 1990's so that patients and those providing the required services could do efficiently and safely. The installation of IT services within the NHS was, and continues to be, a model of efficiency and effectiveness. That the service has been downgraded since 2010 is not the fault of the government in power in 2001.

                Microsoft Windows was/is used for the exact same reason that nearly every governmental organization in the world uses it. Because it was available; relatively cheap; easy to use; easy to install; there were/are plenty of people skilled in its various technicalities and it does the job exceedingly well.

                Who the f* cares who bought whom a house in a posh bit of London? Apart from which, where on earth did you dig that up from? Perhaps you could provide a valid link for the report? I've looked and can't find it. I look forward to enlightening us.

                Now, sod off and on your way admire the sheer grit, determination and marvel at the amazing skills of the NHS IT staff as they do all they can to remediate a catastrophic mess for which they can carry no blame.

                If you really want to know who's responsible look towards the cheapskate management and chap whose name rhymes with c*nt...

          2. Alan Ferris

            Re: Using Windows?

            I can only speak for England, but you the taxpayer provide ALL GPs with computers and software. And it's all Windows based. I get no choice over hardware, clinical software or even antivirus. And the electronic booking system is only compatible with Internet Explorer... and not even the most recent versions.

            We are all doomed

        2. John 110

          Re: Using Windows?

          "Aw, come on! The NHS is a large enough customer that if they wanted it on a Linux or BSD system the supplier would do the port."

          The NHS is, but bits of the NHS aren't, software running microtitre plate readers for Lab tests is quite specialized and there just aren't that many labs in the NHS in the UK. It took us forever to get a version that would run under Windows 7.

          I think you'll find that replicated across many machines and services.

    1. Big Z

      Re: Using Windows?

      Windows can be secured from running rogue .exes, most Malware is JavaScript based, or macro based, and Sophos' 2017 malware forecast report stated they have seen significant (albeit still low) increases on Linux based ransomware attacks over the past 18 months. It essentially comes down to poor security implementation and practices (the IoT devices used in botnets are running Linux), and poor user education.

      1. Tom Paine

        Re: Using Windows?

        Windows can be secured from running rogue .exes, most Malware is JavaScript based, or macro based [...]

        Bollocks. Sorry, but it is.

        1. Tridac

          Re: Using Windows?

          Ok, so what is the main culprit, or is that just a bollocks response as well ?...

          1. InNY

            Re: Using Windows?

            Read last sentence...

    2. Delapsus

      Re: Using Windows?

      Unfortunately none of the clinical software runs on Linux. Even the MRI scanners run Windows.

      1. Daggerchild Silver badge

        Re: Using Windows?

        Honestly, I'd skip Linux and port medical devices to Android. Everyone's computer is a phone these days anyway and they should be dedicated devices with decent realtime foo that you can lock down to the ground. If you're running antivirus on it, you've already lost.

        ChromeOS might also make good cheap disposable desktops, seeing as the local practice PCs seem to be client-only anyway.

        *umbrella*

  1. crivensjings

    Oh, for goodness sake... It's only $300. Just pay it!

    1. Bill M

      Probably $300 per computer. I don't know how many computers the NHS has but certainly a lot more than one.

      1. Shocker-z

        Well there's also the case that if any network files were encrypted then surely the last pc to encrypt them would have to be the first to decrypt the previously encrypted PCs.. Also NHS has 1.7 million staff.. so even a 1% infection is $5.1million.. Soon adds up. Obviously most PCs shouldn't have any data local so can just be wiped anyway, but then you're dealing with the huge IT task of wiping PC's and checking first, which ones do or don't have any local data that's needed...

        I know that I certainly wouldn't like to be IT support on a day like this for them...

        1. Anonymous Coward

          And even if you can mass-pay the ransom, there is the little issue of making crime pay well enough that the criminals will be back again.

          1. Anonymous Coward

            So don't vote Tory then.

      2. katrinab Silver badge

        The NHS has the world's largest deployment of Microsoft Exchange server. I believe it is somewhere in the region of 850,000 users. NHS England has 1.2 million employees in total, if you include NHS Scotland and NHS Wales, it is 1.4 million. Northern Ireland has its own health service which isn't called the NHS.

        They are the world's fourth largest employer, and the three largest - Walmart, People's Liberation Army and Indian Railways, don't have as many people who would use email at work.

        So anyway, we are looking at a ransomware demand of at least £200m, which the NHS certainly doesn't have as spare cash.

        1. Anonymous Coward

          >if you include NHS Scotland and NHS Wales, it is 1.4 million

          The NHS census used for this counts employees multiple times

          >They are the world's fourth largest employer, and the three largest Walmart, People's Liberation Army and Indian Railways

          McDonalds employs 1.9 million, DoD 3.2 million - there are a dozen more larger than NHS employers even if you use the bogus census data.

          Please stop repeating this 'cut the overblown NHS' Daily Telegraph bull

          1. Anonymous Coward

            "McDonalds employs 1.9 million"

            Aren't most McDonalds franchises?

    2. Anonymous Coward

      $300 - but $300 for what?

      Per PC, and Per server? That could be a massive amount of money in the NHS and the logistics of trying to pay against a separate code for every PC and server would be daunting. Then there's the clean up to stop the same thing happening tomorrow.

      Not easy AT ALL!

    3. Dr Dan Holdsworth

      "Oh look, the sucker just paid! Stick him on the list of plonkers we can re-visit".

    4. Alumoi Silver badge

      "Oh, for goodness sake... It's only $300. Just pay it!"

      And we found the criminal!

  2. Prosthetic Conscience

    My heart goes out to the IT grunts dealing with this on a Friday

    1. wyatt

      Yep, and me. I'm on call this weekend and we run some services over the N3 network.. here's to hoping our firewalls and patching are up to date.

      1. Danny 14

        I'm on call too. But we have Sophos InterceptX. I'm tempted to fire up a quarantined VM and try running the ransomware.

        1. Anonymous Coward

          Had a demo of InterceptX this week, looks good, so every cloud and all that, this'll help me get the budget out of our bean counter!

    2. Tom Paine

      Why oh why...

      ...is it always Friday?

      And when will they let us work Wednesday to Sunday so we can rely on having a couple of days a week off?

      Currently still sat at my desk when I was hoping to be away 30 mins ago (17:00), waiting to hear we're definitely OK...

  3. Nash

    something or nothing....

    I've never worked on the NHS systems but I've worked on a lot of systems and some were NOT set up to handle this type of attack..... I would hope that the NHS endpoint PCs which are being presented with this ransomware message are acting as terminals, i.e. installed with Windows but locked down to the point that data CANNOT be saved locally to the C:\ drive. That way if the PC is in fact encrypted then the patient records that the PC has been accessing are on a network location and that network location (server) is not affected? - the PC can be re-imaged; although inconvenient, recoverable to OS level. If the PCs hold local databases loaded with patient info then I'm afraid someone needs an @ss kicking.

    N.B. would be nice to hear from someone who has worked on the NHS IT systems at Engineer/1st/2nd/3rd line level to get an idea of the setup.

    1. Anonymous Coward

      Re: something or nothing....

      Why would the data not be affected, if it's on a network share? It encrypts the data. It doesn't really care where the data is.

      1. Nash

        Re: something or nothing....

        ever tried deleting/moving/modifying a file on a network share that you only have "read" permissions to?

        1. Doctor Syntax Silver badge

          Re: something or nothing....

          "ever tried deleting/moving/modifying a file on a network share that you only have "read" permissions to?"

          Those files you only have read permission to - how did they get there? Could it be that someone has to have write permission?

          On a more practical, albeit longer term scale alternatives to simple shared folder need to be looked at. As one approach I'm currently setting up Nextcloud at home. I have several alternative ways to share files with a client. One is to use the webdav client to sync a specific desktop folder with the server. That means that even if I had a ransomware program running wild on the client PC it could only (a) affect files on the synced folder and (b) the contents of the folder on the server are versioned so that the last good version can be restored.

        2. Adam 52 Silver badge

          Re: something or nothing....

          As we discovered last time the NHS had a ransomware attack - which must have been all of a few months ago - everyone has full permission on everything at an SMB level.

          If this turns out to be spread via SMB or anything below layer then someone needs to explain how the network was configured so badly.

          1. Anonymous Coward

            Re: something or nothing....

            Trouble is SMBv1 is ON by default; to turn it off you have to do this (Win7) on EACH BOX:

            sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi

            sc.exe config mrxsmb10 start= disabled

            Now who in a doctor's surgery is going to do that!? And with XP turning off SMBv1 is likely to break things!
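
An audit of the setting that comment describes, as an added example that is not part of the thread: it reads, without changing anything, whether the SMBv1 client driver touched by the two `sc.exe` commands is disabled, and also the separate server-side `SMB1` registry value, which those commands do not change. The function name `Get-Smb1State` and the `hosts.txt` file are assumptions.

```powershell
# Added example: read-only audit of SMBv1 on a Windows 7 / Server 2008 R2 host.
# Get-Smb1State is an illustrative name; nothing here changes configuration.
function Get-Smb1State {
    $svc = 'HKLM:\SYSTEM\CurrentControlSet\Services'

    # Client driver. "sc.exe config mrxsmb10 start= disabled" sets Start to 4.
    $drv = Get-ItemProperty -Path "$svc\mrxsmb10" -ErrorAction SilentlyContinue
    $clientEnabled = $false
    if ($drv -and $drv.Start -ne 4) { $clientEnabled = $true }

    # Workstation service. The "depend=" command removes MRxSmb10 from this list
    # so the service still starts once the driver is disabled.
    $wks = Get-ItemProperty -Path "$svc\LanmanWorkstation" -ErrorAction SilentlyContinue
    $deps = @()
    if ($wks -and $wks.DependOnService) { $deps = @($wks.DependOnService) }
    $dependsOnSmb1 = $deps -contains 'MRxSmb10'   # comparison is case-insensitive

    # Server side, which the two sc.exe commands do not touch. SMBv1 stays
    # enabled unless the SMB1 value exists and is 0 (absent means enabled).
    $srv = Get-ItemProperty -Path "$svc\LanmanServer\Parameters" -ErrorAction SilentlyContinue
    $serverEnabled = $true
    if ($srv -and $srv.SMB1 -eq 0) { $serverEnabled = $false }

    New-Object PSObject -Property @{
        Computer                 = $env:COMPUTERNAME
        ClientDriverEnabled      = $clientEnabled
        WorkstationDependsOnSmb1 = $dependsOnSmb1
        ServerSmb1Enabled        = $serverEnabled
    }
}

# Local check:
Get-Smb1State

# Fleet check (assumes PowerShell remoting is enabled and hosts.txt, a
# hypothetical file, lists one computer name per line):
# Invoke-Command -ComputerName (Get-Content .\hosts.txt) `
#     -ScriptBlock ${function:Get-Smb1State} |
#     Where-Object { $_.ClientDriverEnabled -or $_.ServerSmb1Enabled }
```

A host is only clear of SMBv1 when `ClientDriverEnabled` and `ServerSmb1Enabled` are both `False`; registry changes to either side take effect after a reboot.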

  4. Anonymous Coward

    NHS staff

    PEBKAC.

    1. Anonymous Coward

      Re: NHS staff

      I've taken your name in case you need a kidney some day...

      1. Bill M

        Re: NHS staff

        I think all NHS staff are wonderful and all deserve a medal or at the very least some hearty thanks and congratulations.

        ps. any chance of earmarking a liver for me - may need a new one next year.

    2. h4rm0ny

      Re: NHS staff

      Having worked in the NHS and seen how hard people at the bottom often work, I'm more inclined to say it's PEIDO. (Problem Exists In Director's Office).

    3. AlbertH

      Re: NHS staff

      No - PICNIC

      Problem In Chair Not In Computer

  5. bexley

    these exploits are worthless

    this is not a "cyber attack", this is somebody with admin privileges clicking on something they should not have done.

    Some local files being encrypted really should not be a problem these days for a decent IT department, they should have it all puppetised and be wiping and rebuilding those machines now, or this morning, whenever this started.

    If their databases have been encrypted then let's hope that they have tested their backup strategy and have already restored last night's backups

    1. Alister

      Re: these exploits are worthless

      this is not a "cyber attack", this is somebody with admin privileges clicking on something they should not have done.

      Curious then that it has affected so many dispersed bits of the country. I think you'll find that the evidence so far is that this is collateral damage from an attack on Telefonica (who just happen to manage network links for some of the NHS).

      1. Naselus

        Re: these exploits are worthless

        "Curious then that it has affected so many dispersed bits of the country. "

        The term you're looking for is 'continent'. Or possibly 'world'; Russia has millions of infections right now, with Taiwan and China both heavily hit too. Half of Europe is being hit. List on the BBC's breaking news site currently says UK, Spain, Italy, China, Russia, Vietnam, Kazakhstan and Taiwan. Avast alone has 36,000 infections going live right now.

        This is fucking massive.

      2. Danny 14

        Re: these exploits are worthless

        It could also be a zero day exploit or a known unpatched exploit. This would bypass local admin requirements but would still fail on network read only shares.

      3. Adam 52 Silver badge

        Re: these exploits are worthless

        "an attack on Telefonica (who just happen to manage network links for some of the NHS)."

        If it is, we need to be asking serious questions about why the end user PCs are so trusting of the wide area network.

  6. 0laf

    Awareness issues, tech will do so much but some spam will always get in. You can't stop the signal Mal! Someone somewhere clicked.

    I imagine hospitals are a bit like schools with lots of staff that feel very important and that security measures are not for them because they must not be impeded in doing their important stuff (even if that is playing on their new phone).

    Ok I'm generalising but I've yet to be proved wrong.

    1. chivo243 Silver badge

      @0laf

      well said, people that are too important to be bothered to act like it...

  7. Martin Summers Silver badge

    Just been in to my doctors. He didn't know until I told him. Couldn't bring up any patient history and has had to resort to paper. Their phone system is down too.
