NHS England hit by 'cyber attack'

Discussion in 'OT (OFF Topic) Forums' started by markjay, May 12, 2017.

  1. markjay

    markjay MB Club Veteran

    Messages:
    24,401
    Joined:
    Jun 24, 2008
    Location:
    London
    Car:
    W204 C180 Executive SE 2013 Automatic / COMAND NTG4.7 and Morel speakers fitted by www.comand.co.uk
  2. AMGeed

    AMGeed MB Club Veteran

    Messages:
    12,644
    Joined:
    Nov 1, 2008
    Location:
    Bournemouth/Poole Dorset
    Car:
    2014 E63 Biturbo
    Not surprising considering they are still using XP as an OS.:fail
     
  3. OP
    OP
    markjay

    markjay MB Club Veteran

    Messages:
    24,401
    Joined:
    Jun 24, 2008
    Location:
    London
    Car:
    W204 C180 Executive SE 2013 Automatic / COMAND NTG4.7 and Morel speakers fitted by www.comand.co.uk
    Ransomware, apparently.
     
  4. OP
    OP
    markjay

    markjay MB Club Veteran

    Messages:
    24,401
    Joined:
    Jun 24, 2008
    Location:
    London
    Car:
    W204 C180 Executive SE 2013 Automatic / COMAND NTG4.7 and Morel speakers fitted by www.comand.co.uk
    Shutting down all IT systems, finding and clearing the virus, then restoring from backup... this is standard.

    But it takes time............
     
  5. 400ixl

    400ixl Hardcore MB Enthusiast

    Messages:
    1,082
    Joined:
    Feb 20, 2016
    Location:
    Norfolk UK
    Car:
    E250 AMG Sport Convertible
    The majority does not run XP anymore and hasn't for a while. There is still more around than there should be mind. Legacy apps preventing the upgrade are a real problem for the NHS and healthcare in general.
     
  6. st13phil

    st13phil MB Club Veteran

    Messages:
    7,937
    Joined:
    Nov 6, 2007
    Location:
    North Oxfordshire
    Car:
    His - Denim Blue A220 AMG Line Premium / Hers - Obsidian Black R172 SLK55
    Certainly looks like it from the screenshot on the BBC News site.

    Perhaps this attack on essential infrastructure will encourage the law enforcement authorities to put some serious effort into tracking down those responsible?
     
    2 people like this.
  7. OP
    OP
    markjay

    markjay MB Club Veteran

    Messages:
    24,401
    Joined:
    Jun 24, 2008
    Location:
    London
    Car:
    W204 C180 Executive SE 2013 Automatic / COMAND NTG4.7 and Morel speakers fitted by www.comand.co.uk
    Early days, but....

    It seems that the hackers exploited a known vulnerability in Microsoft Windows.

    This vulnerability was first discovered by the NSA and used by them for their own purposes.

    Hackers got hold of it - either it was leaked from the NSA, or the NSA 'spent' it by using it in circumstances where their indented targets could discover it (similar to how the Iranians found Stuxnet).

    Microsoft became aware of the vulnerability shortly after it was leaked and released a patch on 14th March.

    But there are two issues... the first is that many organizations do not have a proper patching and updating procedures in place (this is a common failure on many security audits we carry-out).

    The second is that according to some reports, 90% of the NHS computers are still on Windows XP.... and updates for Windows XP are no longer available, so XP can't be patched even they wanted to.

    So... is it a question of insufficient funds? Or management incompetence? Or both?
     
    Last edited: May 12, 2017
  8. st13phil

    st13phil MB Club Veteran

    Messages:
    7,937
    Joined:
    Nov 6, 2007
    Location:
    North Oxfordshire
    Car:
    His - Denim Blue A220 AMG Line Premium / Hers - Obsidian Black R172 SLK55
    I seem to remember that HMG came to some maintenance arrangement with Microsoft to keep security patching XP?
     
  9. OP
    OP
    markjay

    markjay MB Club Veteran

    Messages:
    24,401
    Joined:
    Jun 24, 2008
    Location:
    London
    Car:
    W204 C180 Executive SE 2013 Automatic / COMAND NTG4.7 and Morel speakers fitted by www.comand.co.uk

    I don't know, they may have done, but either way regular patching require having policies in place, which are executed and monitored... Windows 10 won't help if it is set to 'never install updates' and no one updates it manually or through WSUS/GPOs etc.
     
    Last edited: May 12, 2017
  10. MikeInWimbledon

    MikeInWimbledon Hardcore MB Enthusiast

    Messages:
    2,061
    Joined:
    Nov 8, 2014
    Car:
    2007 E500 5.5. Previously E350 S500, E500, SL350, SL500, S500, E55
    Thank heavens we're investing in the Trident Replacement

    At least a major portion of the UK Defence budget has been well invested in defending us from modern risks, like Cyber-terrorism.

    [​IMG]



    https://youtu.be/1aPvGGvnAGQ
     
  11. Benzmanc

    Benzmanc Hardcore MB Enthusiast

    Messages:
    1,640
    Joined:
    May 22, 2011
    Location:
    Tameside
    Car:
    R231 SL 350 + Honda Blackbird
    Not just hospitals, my wife does all the admin for the local district nurses and their system went down today too
     
  12. OP
    OP
    markjay

    markjay MB Club Veteran

    Messages:
    24,401
    Joined:
    Jun 24, 2008
    Location:
    London
    Car:
    W204 C180 Executive SE 2013 Automatic / COMAND NTG4.7 and Morel speakers fitted by www.comand.co.uk

    To be honest... as the details emerge... this is seems like a major c0ck-up on management side.

    I doubt that there would be many regional NHS Directors who would look at a professional report submitted by their head of IT and highlighting the shortfall compared to basic security standards such as this : https://www.gov.uk/government/collections/cyber-security-guidance-for-business (we are not talking of ISO27001 here), and say 'Naaahhh, we don't have the cash'.

    I am certain that the enquiry that will no doubt follow will highlight a very long list of management failings.
     
  13. OP
    OP
    markjay

    markjay MB Club Veteran

    Messages:
    24,401
    Joined:
    Jun 24, 2008
    Location:
    London
    Car:
    W204 C180 Executive SE 2013 Automatic / COMAND NTG4.7 and Morel speakers fitted by www.comand.co.uk
    Of course, there's the political dimension...

    *some* will say the problem is that the NHS is starved for cash

    *others* will say the problem is that the NHS is a cumbersome inefficient dinosaur that can't be trusted to manage anything, not even their own IT systems

    :D

    But this is for another thread. ;)
     
  14. OP
    OP
    markjay

    markjay MB Club Veteran

    Messages:
    24,401
    Joined:
    Jun 24, 2008
    Location:
    London
    Car:
    W204 C180 Executive SE 2013 Automatic / COMAND NTG4.7 and Morel speakers fitted by www.comand.co.uk

    This is another issue... the Ransomware is clearly doing the rounds across the NHS internal IT systems and those connected to it.

    There are such things as application firewalls and reverse prosy firewalls with active anti-virus etc that should be used to segregate and segment different parts of the organisation... if traffic in properly inspected when it crosses local firewalls then Ransomware would not be able to infect so many nodes almost simultaneously.
     
  15. OP
    OP
    markjay

    markjay MB Club Veteran

    Messages:
    24,401
    Joined:
    Jun 24, 2008
    Location:
    London
    Car:
    W204 C180 Executive SE 2013 Automatic / COMAND NTG4.7 and Morel speakers fitted by www.comand.co.uk
    And I forgot to mention Telefonica and other Spain companies. So perhaps it's not so much an issue of funding... but prioritising?
     
  16. 400ixl

    400ixl Hardcore MB Enthusiast

    Messages:
    1,082
    Joined:
    Feb 20, 2016
    Location:
    Norfolk UK
    Car:
    E250 AMG Sport Convertible
    This is not a directed attack on the NHS, doesn't make it less of an issue.

    Its also not an XP issue, all versions of Windows are vulnerable unless patched with the update which came out in April 2017.

    Relatively few enterprises will be fully patched up to this point across the board.
     
    1 person likes this.
  17. DrFeelgood

    DrFeelgood MB Club Veteran

    Messages:
    8,813
    Joined:
    Nov 10, 2005
    Car:
    BMW 740Li
    I know of another major UK organisation that's having major IT issues today.
     
  18. OP
    OP
    markjay

    markjay MB Club Veteran

    Messages:
    24,401
    Joined:
    Jun 24, 2008
    Location:
    London
    Car:
    W204 C180 Executive SE 2013 Automatic / COMAND NTG4.7 and Morel speakers fitted by www.comand.co.uk
    If this is indeed essentially a criminal attack, as seems to be the case, then yes there would be very little point in attacking the NHS.

    These type of organisations will never pay the ransom... they will restore from backups and take any data loss on the chin.

    There's no money to be had for the perpetrators here.

    So it does seem that this was a widely-cast net exploiting a known vulnerability, and those with poor IT governance - mainly security policies - are worst affected.
     
  19. CLSMark

    CLSMark Banned

    Messages:
    1,262
    Joined:
    Feb 25, 2017
    Location:
    Hampshire via Glasgow
    Car:
    Volkswagen Touareg


    Was that for comedic effect? Or they genuinely using Xp??


    Sent using a tin can on the end of a string
     
  20. OP
    OP
    markjay

    markjay MB Club Veteran

    Messages:
    24,401
    Joined:
    Jun 24, 2008
    Location:
    London
    Car:
    W204 C180 Executive SE 2013 Automatic / COMAND NTG4.7 and Morel speakers fitted by www.comand.co.uk
    Chap on the radio today ('security expert') said that "90% of NHS PCs still run Windows XP".
     

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.