Christ, again? Guys what the fuckâŚ
It isnât surprising in the least - even with extreme devotion IT security is hard, and most people donât give it any more than a passing thought, including many large businesses. This will keep happening, and will likely get a lot worse before (if) it gets better, up to and including resulting in deaths.
Iâve done very low level IT work in hospitals as a hardware scrub. They are a very soft target. I could probably knock a hospital down myself along with many others in these forums, if I just were hired on as a temp. They pay millions of dollars for EMR systems, but they donât bother hardening more obvious attack surfaces.
But as Cory said, ransoming a hospital, beyond the ethical and moral implications is just fucking stupid. Youâll end up in GITMO or worse.
At least we all know why our Obamacare premiums are going up this year. Itâs all because of those pesky hackers!
Obviously the only solution is to put an end to all the encryption magic those hackers use. Thanks, Obama!
Even with good security practices, youâre at the mercy of what others do. And sometimes one security measure can negate others.
For example PDF files. Now an industry standard that you MUST deal with. Except that Adobe keeps releasing new versions every few minutes, adding programming APIs and whatnot to them. What was once a document format is now an application environment and vector for viruses.
And theyâve added encryption. So the PDF documents your secretary gets donât get scanned by the anti-virus software on your firewall appliance, mail server or workstation. Eventually one of them turns out to have a ransomeware virus
We block encrypted PDFs at the mail server, except from sources we add to a white list. But that white list keeps growing to the point where the blocking will no longer be effective.
The only upside here is that ransomware attacks are a lot more visible than data exfiltration; and most commonly just encrypt the files on site for speed reasons. The data may or may not survive; but it probably isnât walking off the property.
maybe this is just a smokescreen for some hacker erasing his hospital bills?
anyone who has been stuck under crushing medical bills has probably fantasized about hacking the hospital computers.
BOO HISS if it impacts sick people or is just being done for profit.
You have to deal with PDFs, but you donât have to deal with Adobe Acrobat. I doubt anyone ever got infected using, say, xpdf.
Or even the PDF reader that comes with Windows 10. Not including the advanced features is a good thing.
Alas, corporate and government web sites often include PDF files WITH the advanced features. Not as mere documents, but as forms for you to fill in. And so having Acrobat as the default reader on your PC is often necessary. Parts lookup PDFs often link to each other, a feature that often requires Acrobat.
If you have volume licencing from Microsoft youâre required to fill in the Excel spreadsheets they send you. First you have to turn off even the default security features - not for a given workbook, but for Excel as a whole - to ensure that their built-in scripts will run.
Unfortunately, one of the reasons why Adobe keeps adding dodgy stuff to âPDFâ is to ensure that only Adobe products can be fully relied on to render the resulting mess properly.
If you are dealing with a genuinely standard proper subset(like PDF/A) you probably wonât run into trouble; and for the most part basic datasheets-nâ-documentation PDFs are generated by people who have no more interest in overcomplicating things than do their readers(one of the reasons why so many PDFs are still littered with references to MS Word; because somebody just hit export and called it a dayâŚ).
If, however, due to the impersonal cruelty of our cold, stochastic, universe and/or grievous sins in a past life, you are dealing with specialized PDFs; it is quite possible that youâve entered ânew definition of pain and sufferingâ territory and things will break all over the place unless you use exactly what Adobe says.
Letâs say, for instance, that "Adobe LiveCycle Enterprise Suite 4â has replaced paper-pushing for some aspects of your organizationâs bureaucratic process. Or that the âAdobe Experience Managerâ is involved. Thatâs the sort of place where PDFs can and will do and contain just about anything; and things are likely to go poorly if you try to process them with third party tools.
This is a terrible, terrible, abuse of what was supposed to be a page description language; and whoever is responsible has seats reserved in the special hell; but it is a consideration in some environments.
The hacker who stole Hollywood Presbyterian⌠realized that their random infectious agent had kidnapped a giant, high-profile institution that would be able to motivate serious law-enforcement investigations that would move ever-closer to their true identity the longer the ransom negotiations continued.
Nope, I donât buy it. After they marked down the price, you think the FBI said, âwelp, we got a bargain, may as well call off the investigation.â That case set a bad precedent, and the current case is proof. Iâm willing to bet theyâre throwing some serious resources at this problem. Unfortunately, theyâre also lobbying to make hospital computers - and all computers - less secure. Right hand, meet left hand.
I donât know about the Windows reader, but forms at least are fairly basic functionality that most things can handle. I started doing my taxes today using Preview.app (OSXâs built-in everything reader) to fill in my 1040 etc.
Then your security problem isnât your firewall or antivirus, your security problem is that someone upstairs locked your organization into a hideous ECM, from Adobe of all companies.
Itâs not just âyourâ company. If itâs a manufacturer, now all the companies that make up their distributer and dealer network share the problem. They all need to be using Acrobat Reader rather than a stripped-down, safer alternative, to place orders and whatnot. But then they probably were anyway, because the banks and government agencies they deal with require it also.
And even if you donât use these things, your version of Acrobat gets updated with all those features regardless. And you MUST upgrade it, to fix all the security problems created in last weekâs release.
I just had a nightmarish thought about the new SF General Hospital with Zuckerbergâs name on it⌠a Facebook-integrated hospital.
Itâs not, but⌠brrr.
Dialysis Machine
Like this
Unfortunately, nobody ever lets IT, um, er⌠âdropâ executives deemed to be a security risk when they try to cross in from the DMZ. Packets? Sure. Email? No problem; but they just wonât budge on that one.
I can only hope that if they try âSocial Wellness!!!â the HIPAApotamus gives them a truly brutal bite.
Even when it isnât riddled with bugs, item 101 (Whatâs in item 101? The worst thing in the world.) of Appendix H of the Adobe PDF reference is always good for some cold chills: External program execution isnât a bug, itâs a feature!
The Acrobat viewer for the Windows platform uses the Windows function
ShellExecute to launch an application. The Win dictionary entries correspond
to the parameters of ShellExecute.
Its the fucking future!
1600? Just pay and try to secure your system. Cost of doing business. They only have to sell around 200 aspirin to inpatients to cover that.
