Cyber Attack on the NHS - Potential Ransom Demand

I see this thread has turned into another Robin Hood theme. I thought it was about a cyber attack :confused:

Do keep up.... Every other thread gets turned into a political one so I thought I'd help this one along a bit. Not getting any significant bites though so I might try another approach ;)
 
This presumes XP is the threat boundary, which I doubt is the case. Your statement is over-simplified and misleading.

Having said that, each case is individual, but the Gvt does take the security of its Citizens' data quite seriously.

I've spent quite a bit of time in NHS hospitals over the past couple of years and seen plenty of XP machines, I'm a computer engineer, I know XP when I see it.
Latest OS I have seen is Windows 7.
The news has specifically mentioned XP both yesterday and this morning, they have said that older operating systems are less robust against these threats.

From my experience of this type of ransomware, they are not after patient data, they are after money to release the block on the infected machines.

That's not to say that newer OS are immune, but cross-platform/OS networking will always have to have its security set at the level of the oldest machines or it won't work. This makes everything vulnerable.
Get rid of the old machines and you can crank up the security.
 
I wonder how many of the trusts affected have had their IT Support doing manual patching...as they did not have the budget to put in place the tools to do the patching for them.

nb. one of my roles in the past was managing the projects delivering the security compliance of the Government Gateway - working with our security teams - so well acquainted with the risks, issues and tools.

Implementing Critical MS Windows Security patches (such as that covering WannaCry - a ransomware based upon the NSA's EternalBlue) should be at the top of the To Do list for every infrastructure support team. But of course if the team is understrength; they don't have the desktop patch distribution systems in place; or they have to patch everything manually...The March MS Security Update contained the patch to protect Windows against WannaCry - but if you hadn't applied that patch yet...

BTW - as you would expect GG is very secure with security their #1 priority, getting CESG compliance is challenging
 
I've spent quite a bit of time in NHS hospitals over the past couple of years and seen plenty of XP machines, I'm a computer engineer, I know XP when I see it.
Latest OS I have seen is Windows 7.
The news has specifically mentioned XP both yesterday and this morning, they have said that older operating systems are less robust against these threats.

From my experience of this type of ransomware, they are not after patient data, they are after money to release the block on the infected machines.

That's not to say that newer OS are immune, but cross-platform/OS networking will always have to have its security set at the level of the oldest machines or it won't work. This makes everything vulnerable.
Get rid of the old machines and you can crank up the security.
Wasn't Windows 10 a free upgrade from 7 or 8?
I am pretty sure we upgraded from XP a few years ago without replacing the machines, just the software.
Is this just a good excuse to blame lack of funding? In my experience XP was the worst system Microsoft ever produced and they stopped supporting it years ago. If the NHS can't run without computers, as most organisations can't, it's a fair question to ask why they are still on XP? In this regard I don't think you can JUST blame lack of funding, especially when they spent God knows how much on the new system that failed.
 
I've spent quite a bit of time in NHS hospitals over the past couple of years and seen plenty of XP machines, I'm a computer engineer, I know XP when I see it.
Latest OS I have seen is Windows 7.
The news has specifically mentioned XP both yesterday and this morning, they have said that older operating systems are less robust against these threats.

From my experience of this type of ransomware, they are not after patient data, they are after money to release the block on the infected machines.

That's not to say that newer OS are immune, but cross-platform/OS networking will always have to have its security set at the level of the oldest machines or it won't work. This makes everything vulnerable.
Get rid of the old machines and you can crank up the security.

There are plenty of ways and products for the older OS to improve security, it requires investment though

also proper perimeter security is a must, Firewall, IPS, + AV etc..
 
Wasn't Windows 10 a free upgrade from 7 or 8?
I am pretty sure we upgraded from XP a few years ago without replacing the machines, just the software.
Is this just a good excuse to blame lack of funding? In my experience XP was the worst system Microsoft ever produced and they stopped supporting it years ago. If the NHS can't run without computers, as most organisations can't, it's a fair question to ask why they are still on XP? In this regard I don't think you can JUST blame lack of funding, especially when they spent God knows how much on the new system that failed.

There was a free upgrade for 12 months for users of 7, 8 and 8.1, if you were on XP or Vista, then I doubt that your machines would have had the hardware specs to run 7, let alone 10.

One problem may have been proprietary software that wouldn't run on anything other than XP, but I suspect these will be few.

10 has been out for nearly 2 years, before that 8 was out for 2, 7 was out for 5, Vista for 3. So any machine still running XP is at least 12 years old, any machine still running Vista is at least 9. In computing terms they are dinosaurs.

Even later Windows 7 PCs are heading towards 5 years old now.

Time flies
 
Wasn't Windows 10 a free upgrade from 7 or 8?
I am pretty sure we upgraded from XP a few years ago without replacing the machines, just the software.
Is this just a good excuse to blame lack of funding? In my experience XP was the worst system Microsoft ever produced and they stopped supporting it years ago. If the NHS can't run without computers, as most organisations can't, it's a fair question to ask why they are still on XP? In this regard I don't think you can JUST blame lack of funding, especially when they spent God knows how much on the new system that failed.

Just a minor point, but the agency set up by D Cameron (Government Digital Service) decided against extending the security support deal with Microsoft as it was too expensive at £5.5m. This was despite warnings that the system would be vulnerable to hackers.
 
When you take a step back and move away from the technical side of this; you have to be a really sick individual to target a hospital or health system 😟. Gov't departments I get but hospitals?
 
The OS may be out of date and no longer supported, there may well be a free upgrade program urging users/organisations to move to the latest platform, but that is not the problem, money to upgrade is an issue but again not the main problem. The main reason PCs or servers may not be updated is that the application software that runs on them won't run on newer platforms.

Okay some will argue you have compatibility mode, doesn't always work and when it does it can be prone to crashing, not ideal if your NHS system is dependent on a reliable platform, that is stable, but that is also so far out of date with patching it becomes vulnerable.

And as with any large company or organisation, moving to a newer application or an upgrade to an existing is a lot more work than just upgrading the OS, as is often the case once started there is no going back.

Fixing vulnerable operating systems, is more than just throwing a skip load of money at it.
 
When you take a step back and move away from the technical side of this; you have to be a really sick individual to target a hospital or health system 😟. Gov't departments I get but hospitals?

I doubt they were targeting hospitals. Just released it into the wild and any organisation not up to date on their security was vulnerable.
 
Wasn't Windows 10 a free upgrade from 7 or 8?
I am pretty sure we upgraded from XP a few years ago without replacing the machines, just the software.
Is this just a good excuse to blame lack of funding? In my experience XP was the worst system Microsoft ever produced and they stopped supporting it years ago. If the NHS can't run without computers, as most organisations can't, it's a fair question to ask why they are still on XP? In this regard I don't think you can JUST blame lack of funding, especially when they spent God knows how much on the new system that failed.

I believe it was a free upgrade for home users, not corporate.
 
As directed by an Email this morning I have just checked my work laptop and sure enough the relevant Windows Security Patch was installed 28th March - immediately following the release of the patch. But then I do work for an IT services company...

Anyway - WHERE ARE YOU Jeremy?

If this had happened on the watch of a Labour Government, the likes of the current bun and DM would be demanding to know where the Health Secretary is; why he has not made a statement on this matter, and they'd be screaming for the Health Secretary's head and pointing out the uselessness of the Labour government. Oh how I love our right wing press - the press that doesn't attempt to influence the thinking of the few who read these papers if that would be negative on the Tories.
 
I believe it was a free upgrade for home users, not corporate.
We got it free at work. To be honest they made it difficult for you not to have it.
I am not sure you can entirely blame underfunding either. How many billions were spent on that new system that was scrapped?
 
I'm unsure of what this really means. I doubt if these Subs Trident missiles are run by a Windows app, well I hope not anyway. I assume Windows is used more for things like keeping spreadsheets on the bar and Galley accounts.

Erm - I think that you'll find that MS Windows OS is rather more critical to many major and critical government (inc defence) systems than it being a means to run MS Office...

Maybe you were joking to divert but I'm not sure.
 