Sign in / up

back to article If it doesn't need to be connected, don't: Nurse prescribes meds for sickly hospital infosec

A children's nurse prescribed hospitals ways to improve their computer security at the BSides conference in Manchester, England, earlier this month. Jelena Milosevic developed an interest in cybersecurity over the past four years while working as an on-call nurse in several hospitals across the Netherlands, where she said …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. Mayday
    Thumb Up

    Sterile

    "Healthcare without [basic] security is like surgery without sterile instruments,"

    Don't think I could put that one better myself. 100% truth there. It's so good and appropriate I am going to steal it and use it myself. Change "Healthcare" for industry of choice if required.

    39 0 Reply
  2. Potemkine! Silver badge

    "If it doesn't need to be connected, don't"

    A sane attitude, at last! I thought the entire World went crazy about IoShit.

    33 0 Reply
    1. Chronos
      Reply Icon
      Thumb Up

      Re: "If it doesn't need to be connected, don't"

      This. It applies everywhere, not just healthcare.

      22 0 Reply
      1. Evil_Goblin
        Reply Icon

        Re: "If it doesn't need to be connected, don't"

        So she has prescribed a proscription?

        9 0 Reply
  3. John Smith 19 Gold badge
    Unhappy

    This stuff doesn't need to talk to the net

    So why let it?

    And it looks like medical grade IoT s**t is no better than any other kind.

    I wonder if the same code monkeys sling this s**t as for the rest of this stuff.

    15 1 Reply
  4. imanidiot Silver badge

    Some people just need repeated booting. With a size 48.

    "But unauthorized people never come into this room, why should it have a password?"

    "But nobody knows about this being connected to the internet, so why do I need all this security stuff"

    Honestly, kicking is too good for them.

    21 0 Reply
    1. Anonymous Coward
      Reply Icon
      Anonymous Coward

      Re: Some people just need repeated booting. With a size 48.

      "But unauthorized people never come into this room, why should it have a password?"

      This is the default answer where I work!!!! So infuriating.

      Also conversation with a department head last year when reviewing the 2000 odd XP machines they had running a critical app for the business.

      "Well it was installed and signed of by infosec as secure, the usbs are disabled and they are all on their own VLAN, why do we need to worry about patching and viruses?"

      4 0 Reply
    2. grumpynurse
      Reply Icon

      Re: Some people just need repeated booting. With a size 48.

      There is IT, but not real security department with more then 1-2 security professionals, who will have chance to explain and make good security ...

      We need independent security department

      1 0 Reply
  5. Chris G

    This lady is a breath of fresh air, it's particularly good that she is a nurse as it gives her greater insights into ' on the ground' requirements and what is not necessary.

    One of the (many) problems with the NHS is since it was decentralised in the '80s there are too many

    SOP s with regard to everything not just IT, it really needs a cohesive approach across the whole of the NHS with regard to how IT related work is managed and carried out and overseen by someone who is a professional who appreciates the consequences of getting it wrong. A set of standards that are more than just advice wouldld be useful.

    13 0 Reply
  6. Trollslayer
    Flame

    Technology isn't magic

    This message still gets ignored.

    13 0 Reply
  7. Buzzword

    HTTPS doesn't solve much

    "Since the infection, most hospital websites have moved from HTTP to the more secure HTTPS, according to Milosevic – a move that wouldn't have halted the virus's spread but is indicative of IT staff taking security more seriously."

    Or, it's indicative of IT staff fixing the easy and most visible stuff, while leaving gaping holes open elsewhere.

    9 0 Reply
    1. grumpynurse
      Reply Icon

      Re: HTTPS doesn't solve much

      It is basic

      And if they do nto care about this, how we can be sure that they will care about more important stuff?

      We need to build security, from the ground, isn't?

      1 0 Reply
  8. Doctor Syntax Silver badge

    "Manufacturers tell healthcare pros the equipment should be always connected to some backend, contrary to the advice of security clearing house ICS-CERT and others."

    This is where procurement should push back. Make it clear that if equipment has to be connected to a backend without that being a functional requirement then it won't even make it to the long-list. If spurious recommendations that it be connected aren't removed from the bumph it won't make it to the short-list.

    8 0 Reply
  9. Tony W

    More than NICE to have

    NICE (National Institute for Health and Care Excellence) has guidance and standards on infection prevention and control. I believe most hospitals have a person responsible for ithat.

    But I couldn't find guidance for infosec (looking under several relevant terms) on the NICE website. If it's there, it's not obvious. Does it need a disaster first?

    3 0 Reply
    1. pig
      Reply Icon

      Re: More than NICE to have

      "But I couldn't find guidance for infosec (looking under several relevant terms) on the NICE website. If it's there, it's not obvious. Does it need a disaster first?"

      Yes.

      The NHS is, sadly, anything but proactive.

      It requires a Wannacry that doesn't suddenly stop, but instead spreads more and destroys/costs more.

      Sense wont get change, only public outcry after a disaster.

      it's bloody sad it like that, but that's how it is.

      3 0 Reply
  10. onefang
    Headmaster

    "A graph comparing Dutch and American hospital website security in 2017 ... click to enlarge"

    I'm disappointed that El Reg misspelled "embiggen", and left off the full stop.

    2 0 Reply
  11. Aristotles slow and dimwitted horse

    Manufacturer : "But it needs to be connected to the internet so it can be patched and upgraded".

    Client : "But it works fine as it is; and if it isn't connected to the internet or internal network then it doesn't need further updates. Honestly, it does exactly what we want it to do right now."

    Manufacturer : "Yeah but... ummm, errrr, what about our support revenues..."

    9 0 Reply
    1. grumpynurse
      Reply Icon

      Client: " If we look how many time you did update and patch, we didn't even need to be connected to the internet, for sure not 24/7 ;-) "

      3 0 Reply
  12. RGE_Master

    This video is restricted, please sign in with a google account... Nice work whoever did that. Nice work.

    8 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like