Posted on 05/14/2017 8:00:48 PM PDT by Lorianne
Thousands of patients across England and Scotland have been in limbo after an international cyber-attack hit the NHS, with many having operations cancelled at the last minute.
Senior medics sought to reassure patients that they could be seen in the normal way in emergencies, but others were asked to stay away if possible.
According to one junior doctor who works in a London hospital, the attack left hospitals struggling to care for people. “However much they pretend patient safety is unaffected, it’s not true. At my hospital we are literally unable to do any x-rays, which are an essential component of emergency medicine,” the doctor told the Guardian.
“It’s a good hospital in many ways but the IT is appalling … This is the third or fourth time there has been major computer downtime since I started at my current hospital eight months ago. I know the staff will do their very best to keep looking after everyone but there are no robust systems in place to deal with blackouts like this. Information sharing is hard enough in a clinical environment when everything works.
(Excerpt) Read more at theguardian.com ...
My doctor still scribbles notes in a folder ... I don't know if they are transcribed later into an electronic database. Probably so. But he still has years worth of scribbled notes in my file folder. Hope he hangs onto that.
One wonders why x-ray machines are connected to the internet
There was a time not so long ago where you just put the patient on the table, slipped in a film cartridge, stepped behind a lead barrier and dosed them, pulled the cartridge and put it in the developer tank, and the doctor had the x-ray shortly thereafter. High tech has made us stupid as a society.
These were NSA weapons inadequately guarded.
Let’s say an irresponsible neighbor left his huge gun arsenal totally unlocked and kids came in, took the guns and went around the neighborhood shooting people:
Would NO ONE be responsible...?
That’s ridiculous.
We gave up a little freedom and now NO ONE has security.
SOMEONE is responsible.
My husband was a military doctor overseas. One reason to have x-ray internet connection is the ability to have experts in other parts of the country and world be available to read your x-rays from far away.
People don’t do backups.
My backup system is easy.
I add an extra hard drive and have the system RAID1 (Mirror) them.
I have 2 additional and identical drives on a shelf. Once every 2 weeks I open the PC case and swap out one drive. Two weeks later I do the same thing again. If anything happens to the system, I’m never more than a two week old clone from being back up and running.
If and when they catch the hacker, they should make an example out of him. Life imprisonment and only dog food for meals.
I’m amazed at the number of articles on this hack that don’t mention that this is NSA code.
These were weapons the NSA had no business having. As well.
That’s what I want accountability for. I don’t care that they got leaked. I’m glad they did.
They aren’t going to catch them. These were NSA developed tools. I wouldn’t be surprised if it was an NSA agent, tech, or CIA agent or tech that deployed it.
Notice how no US targets were picked.
One wonders why x-ray machines are connected to the internet. I could not have said it better.
Xray is connected to medical records to enable the import of images. This reduces costs as the image is cheaper than film development and storage. In essence, radiology is one of many “labs” that can be ordered by the doctor.
Medical records is also tied to billing. This reduces costs because the doctor can diagnose and code from the medical records which then feeds into the coding that goes into billing.
Billing is connected to the Internet because health care insurance companies want to save money as well and it is far less expensive to have a VPN gateway that to have dedicated lines to all of their doctors offices.
In short, if it is connected, it is because is it less expensive than the old technology.
The ones responsible are:
The group called Shadow Brokers who initially attempted to sell these exploits on the internet. When they could not find a buyer, released them out in the open.
Microsoft is NOT responsible because they released a patch for this exploit two months ago. If you were using the Microsoft update service, and installing updates, then you are already patched. Witness the fact that despite a global release, how many systems were NOT impacted.
There are two others that are responsible. First the authors of this worm. Note that is not the NSA. Yes the NSA found the vulnerability but someone took that vulnerability, added a worm for propagation, added an encryption routine to lock out the user, and then added the mediation code should payment be received. Whoever they are, they are the primary responsible party.
Lastly there are the lazy sysadmins / managers who allowed their computers to go unpatched for two months. Consider how many possible systems there are in 70 countries. Now consider how many did NOT get the worm. Why did they not, because they took precautions. Those precautions are well known, but people still get the idea that performing backups and virus scans, and patching servers and other machines is too much hassle or costs too much. At $300 per (cost of the malware) computer, you can pay for a lot of patches, virus scans and backups.
The older stuff used to run Solaris and Irix. They were solid and reliable . Now it’s all Windows
It is not NSA code.
NSA found the vulnerability and wrote code to exploit. After the group Shadow Broker obtained and then attempted to sell the exploit, they released it into the wild.
To that original exploit, the hacker added:
A worm for propagation
An encryption program to lock out the user
A program to extort and track payments
A program to unencrypt and kill the worm
An internet based kill switch based on the presence of a specific URL
To say that this is NSA code is like saying that Ingram Mac-10 is an Army weapon because the Army sponsored the development of the .45 ACP
The NSA needs these weapons because much of the world runs on Windows and the NSA still has the mission of spying and gathering electronic intelligence.
Targets were picked. Targets were targets of opportunity. If you did not patch, you were vulnerable.
Dude they weren’t using them to spy on foreign countries. They were being used to spy on Americans.
Very true, Windows grew up from a culture of pervasive desktop. In that world, the user is trusted and allowed to do what they want. For example, if you are the user who installs the system, you have the same rights as a super user or root. In other words, you have access and control to everything.
When windows moved into the server space, bolt-ons were added in an attempt to put some controls in place but the system is not secure like Unix-es and mainframes that were designed from the start to have multiple users with different rights and privileges.
Note the exploit. A windows add on service called SMB which is used to “share” local resources such as drives and printers. Also note what was not hit - Linux, Unix, Mainframe, Mac (now based on Linux)
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.