Ransomware hackers steal a hospital. Again



Christ, again? Guys what the fuck…


It isn’t surprising in the least - even with extreme devotion IT security is hard, and most people don’t give it any more than a passing thought, including many large businesses. This will keep happening, and will likely get a lot worse before (if) it gets better, up to and including resulting in deaths.


I’ve done very low level IT work in hospitals as a hardware scrub. They are a very soft target. I could probably knock a hospital down myself along with many others in these forums, if I just were hired on as a temp. They pay millions of dollars for EMR systems, but they don’t bother hardening more obvious attack surfaces.

But as Cory said, ransoming a hospital, beyond the ethical and moral implications, is just fucking stupid. You’ll end up in GITMO or worse.


At least we all know why our Obamacare premiums are going up this year. It’s all because of those pesky hackers!

Obviously the only solution is to put an end to all the encryption magic those hackers use. Thanks, Obama!


Even with good security practices, you’re at the mercy of what others do. And sometimes one security measure can negate others.

For example PDF files. Now an industry standard that you MUST deal with. Except that Adobe keeps releasing new versions every few minutes, adding programming APIs and whatnot to them. What was once a document format is now an application environment and vector for viruses.

And they’ve added encryption. So the PDF documents your secretary gets don’t get scanned by the anti-virus software on your firewall appliance, mail server or workstation. Eventually one of them turns out to have a ransomware virus.

We block encrypted PDFs at the mail server, except from sources we add to a white list. But that white list keeps growing to the point where the blocking will no longer be effective.


The only upside here is that ransomware attacks are a lot more visible than data exfiltration; and most commonly just encrypt the files on site for speed reasons. The data may or may not survive; but it probably isn’t walking off the property.


Maybe this is just a smokescreen for some hacker erasing his hospital bills?

Anyone who has been stuck under crushing medical bills has probably fantasized about hacking the hospital computers.

BOO HISS if it impacts sick people or is just being done for profit.


You have to deal with PDFs, but you don’t have to deal with Adobe Acrobat. I doubt anyone ever got infected using, say, xpdf.


Or even the PDF reader that comes with Windows 10. Not including the advanced features is a good thing.

Alas, corporate and government web sites often include PDF files WITH the advanced features. Not as mere documents, but as forms for you to fill in. And so having Acrobat as the default reader on your PC is often necessary. Parts lookup PDFs often link to each other, a feature that often requires Acrobat.

If you have volume licencing from Microsoft you’re required to fill in the Excel spreadsheets they send you. First you have to turn off even the default security features - not for a given workbook, but for Excel as a whole - to ensure that their built-in scripts will run.


Unfortunately, one of the reasons why Adobe keeps adding dodgy stuff to “PDF” is to ensure that only Adobe products can be fully relied on to render the resulting mess properly.

If you are dealing with a genuinely standard proper subset (like PDF/A) you probably won’t run into trouble; and for the most part basic datasheets-n’-documentation PDFs are generated by people who have no more interest in overcomplicating things than do their readers (one of the reasons why so many PDFs are still littered with references to MS Word; because somebody just hit export and called it a day…).

If, however, due to the impersonal cruelty of our cold, stochastic universe and/or grievous sins in a past life, you are dealing with specialized PDFs, it is quite possible that you’ve entered ‘new definition of pain and suffering’ territory and things will break all over the place unless you use exactly what Adobe says.

Let’s say, for instance, that ‘Adobe LiveCycle Enterprise Suite 4’ has replaced paper-pushing for some aspects of your organization’s bureaucratic process. Or that the ‘Adobe Experience Manager’ is involved. That’s the sort of place where PDFs can and will do and contain just about anything; and things are likely to go poorly if you try to process them with third party tools.

This is a terrible, terrible, abuse of what was supposed to be a page description language; and whoever is responsible has seats reserved in the special hell; but it is a consideration in some environments.


The hacker who stole Hollywood Presbyterian… realized that their random infectious agent had kidnapped a giant, high-profile institution that would be able to motivate serious law-enforcement investigations that would move ever-closer to their true identity the longer the ransom negotiations continued.

Nope, I don’t buy it. After they marked down the price, you think the FBI said, “welp, we got a bargain, may as well call off the investigation.” That case set a bad precedent, and the current case is proof. I’m willing to bet they’re throwing some serious resources at this problem. Unfortunately, they’re also lobbying to make hospital computers - and all computers - less secure. Right hand, meet left hand.


I don’t know about the Windows reader, but forms at least are fairly basic functionality that most things can handle. I started doing my taxes today using Preview.app (OS X’s built-in everything reader) to fill in my 1040 etc.

Then your security problem isn’t your firewall or antivirus, your security problem is that someone upstairs locked your organization into a hideous ECM, from Adobe of all companies.


It’s not just “your” company. If it’s a manufacturer, now all the companies that make up their distributer and dealer network share the problem. They all need to be using Acrobat Reader rather than a stripped-down, safer alternative, to place orders and whatnot. But then they probably were anyway, because the banks and government agencies they deal with require it also.

And even if you don’t use these things, your version of Acrobat gets updated with all those features regardless. And you MUST upgrade it, to fix all the security problems created in last week’s release.


I just had a nightmarish thought about the new SF General Hospital with Zuckerberg’s name on it… a Facebook-integrated hospital.

It’s not, but… brrr.

Dialysis Machine
:+1: Like this


Unfortunately, nobody ever lets IT, um, er… ‘drop’ executives deemed to be a security risk when they try to cross in from the DMZ. Packets? Sure. Email? No problem; but they just won’t budge on that one.


I can only hope that if they try “Social Wellness!!!” the HIPAApotamus gives them a truly brutal bite.


Even when it isn’t riddled with bugs, item 101 (What’s in item 101? The worst thing in the world.) of Appendix H of the Adobe PDF reference is always good for some cold chills: External program execution isn’t a bug, it’s a feature!

The Acrobat viewer for the Windows platform uses the Windows function ShellExecute to launch an application. The Win dictionary entries correspond to the parameters of ShellExecute.
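Taking the mail-gateway rule from earlier in the thread (block encrypted PDFs unless the sender is on the allow list) together with the Appendix H Launch action quoted just above, here is an added Python triage check. It is not code from the thread or from Adobe; the three sample PDFs and the `trusted_sender` flag are constructed for the example.

```python
import re

# Constructed minimal PDFs (not real documents) exercising the two traits
# the thread discusses: an /Encrypt entry, and a /Launch action with a /Win dict.
ENCRYPTED_PDF = b"""%PDF-1.7
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
5 0 obj << /Filter /Standard /V 2 /R 3 /Length 128 >> endobj
trailer << /Root 1 0 R /Encrypt 5 0 R >>
%%EOF"""

LAUNCH_PDF = b"""%PDF-1.7
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 6 0 R >> endobj
6 0 obj << /S /Launch /Win << /F (app.exe) /P (--quiet) >> >> endobj
trailer << /Root 1 0 R >>
%%EOF"""

PLAIN_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
trailer << /Root 1 0 R >>
%%EOF"""

# /Encrypt in the trailer means the content streams are opaque to AV scanners.
ENCRYPT_RE = re.compile(rb"/Encrypt\b")
# A Launch action; its /Win dictionary keys map onto ShellExecute parameters.
LAUNCH_RE = re.compile(rb"/S\s*/Launch\b")
WIN_DICT_RE = re.compile(rb"/Win\s*<<(.*?)>>", re.S)


def triage_pdf(data: bytes, trusted_sender: bool = False) -> dict:
    """First-pass gateway triage of a PDF attachment.

    Encrypted PDFs are held unless the sender is allow-listed (the thread's
    rule); anything carrying a Launch action is held regardless of sender."""
    flags = {
        "is_pdf": data.startswith(b"%PDF-"),
        "encrypted": bool(ENCRYPT_RE.search(data)),
        "launch_action": bool(LAUNCH_RE.search(data)),
        "win_launch_target": None,
    }
    win = WIN_DICT_RE.search(data)
    if flags["launch_action"] and win:
        target = re.search(rb"/F\s*\((.*?)\)", win.group(1))
        flags["win_launch_target"] = target.group(1).decode() if target else "?"
    flags["hold"] = flags["launch_action"] or (flags["encrypted"] and not trusted_sender)
    return flags
```

This byte-level scan is only a first pass: objects inside compressed object streams are invisible to it, so a production gateway would decompress with a real PDF parser before applying the same rules.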


It’s the fucking future!

1600? Just pay and try to secure your system. Cost of doing business. They only have to sell around 200 aspirin to inpatients to cover that.