Ransomware attack hits NHS hospitals

[robert@fm]

http://www.independent.co.uk/news/uk/home-news/nhs-cyber-attack-hospitals-hack-england-emergency-patients-divert-shut-down-a7732816.html 😡😱

I hope that any hospitals affected are using proper IT security measures; namely, regular backups on a file share that isn't otherwise connected to the network.* Then getting back in action would be a simple matter of restoring the latest backup; not only cheaper, but actually guaranteed to work, unlike paying the filth.

*(Or perhaps one built on a UNIX/Linux server, and hence not vulnerable to Windows malware; but I for one am sceptical about the supposed "immunity" of Linux to malware, that's what we used to be told about Macs, until they became popular enough to attract the attention of the virus writers. I suspect that Linux is just another case of "security by stealth".)

 

[PhoebeC]

They wont have. I dread to think the damage this will have caused.

 

[Vicsetter]

The interesting thing in this article is the last sentance:

"It's also essential that staff are educated about the potential risks of incoming emails from unknown parties, or suspicious-looking emails that appear to come from known contacts

No-one would have been infected if they hadn't opened that dodgy email.

 

[robert@fm]

It isn't just email these days; there are also malicious adverts, such as the one which has twice so far attempted to download a Java or JavaScript (whichever it was) file to my laptop. Which it is why it's not safe for your download preference to be set to anything but "ask before saving".

 

[mikeyB]

The reason the NHS was so vulnerable is because the systems are based on out of date Windows versions such as XP which are no longer supported by security updates.

I don't use any additional anti virus and malware protection other than the very effective in built security in Windows 10, which constantly updates automatically as soon as the computer is switched on. Microsoft issued a patch for this malware a couple of months ago.

It's worth saying that with the current rate of spam appearing on the site that any links contained in the messages should never be clicked.

 

[HOBIE]

Will cost to fix ? 😱

 

[Vicsetter]

Microsoft issued a patch for this malware a couple of months ago.

Not quite true Mike: On Saturday, in response to the global attack, Microsoft rolled out a free security update to users to Windows XP, Windows 8, and Windows Server 2003

If you are affected by this new strain of the WannaCry malware then read this: http://bestsecuritysearch.com/detai...removal-guide-complete-recovery-instructions/

 

[Dave W]

The reason the NHS was so vulnerable is because the systems are based on out of date Windows versions such as XP which are no longer supported by security updates.

I don't use any additional anti virus and malware protection other than the very effective in built security in Windows 10, which constantly updates automatically as soon as the computer is switched on. Microsoft issued a patch for this malware a couple of months ago.
It's worth saying that with the current rate of spam appearing on the site that any links contained in the messages should never be clicked.

It's due to a combination of inertia (the system works so lets leave it as is) and cost of upgrading from Win XP to Win nn. And then of course there's a potential need for fine tuning of software to work on the upgraded OS. I ran Win 98 and then XP and only upgraded when XP stopped being supported. I didn't like the Win 10 interface as it gives too little easy contol being designed mainly for tablets/phones so run it with an 'overlay' that looks and behaves like Win 98. Have to agree that the MS security updates work very well. I used to use additional virus protection but no longer do.

 

[Jodee]

80% of NHS was not affected.

Sixteen trusts out of 47 that were hit are still facing issues, leading to further cancellations and delays to services.

http://www.bbc.co.uk/news/uk-39918426

 

[Mark T]

My wife went to the GP for a scheduled appointment today and apparently they were all ok. Although the practise manager had apparently been in over the weekend to perform some actions on the computers to make sure they were ok. Our trust was one of the ones that had been affected.

One of my colleagues asked today what Linux I would recommend as he is fed up with Win10!

 

[MikeTurin]

It's due to a combination of inertia (the system works so lets leave it as is) and cost of upgrading from Win XP to Win nn. And then of course there's a potential need for fine tuning of software to work on the upgraded OS..

The other big problem is if the computer is used to control some specialized hardware. If it's medical certified hardware all the system has to be certified again against the appropriate standards. IF the manufacturer isn't interested or worse has gone out of business this is impossible. Even for more mundane hardware like some older high end sound cards or the humble analogue joystick there's no support in Windows 7: one has to resort to tricky solutions to continue to work with perfectly working hardware if decides to upgrade the OS.

 

[Northerner]

The other big problem is if the computer is used to control some specialized hardware. If it's medical certified hardware all the system has to be certified again against the appropriate standards. IF the manufacturer isn't interested or worse has gone out of business this is impossible. Even for more mundane hardware like some older high end sound cards or the humble analogue joystick there's no support in Windows 7: one has to resort to tricky solutions to continue to work with perfectly working hardware if decides to upgrade the OS.

Indeed - it said on the news last night that there are less than 5% of systems using XP, and some of those are things like MRI scanners that can't just be upgraded. It would be interesting to know where the virus actually struck initially. Most large organisations have 'data mirroring' for disaster recovery, but I imagine the NHS is enormously complicated these days - glad I didn't have to sort it out! 😱

Also, anyone can click on some of these things in a distracted moment, if the link is well-disguised. I used to work in the IT department of a large company and one of the experienced programmers absent-mindedly clicked on an email and brought the systems down. She was horrified, but also human! 😱 Thankfully we sorted that in a couple of hours, but we were nowhere near on the scale of the NHS.

 

[khskel]

We back up our live systems every night and test and apply the MS security patches every month but our system is relatively straight forward. I think testing every security fix on every bit of kit in use in the NHS would be a physical impossibility. Not a job I'd like to attempt.