Hospitals contract viruses - of the digital kind
-
@RaceProUK said in Hospitals contract viruses - of the digital kind:
before a certain game developer who shall remain nameless decided its most dedicated fans were evil
Well now I'm curious. What's that about?
-
@Dreikin said in Hospitals contract viruses - of the digital kind:
@RaceProUK said in Hospitals contract viruses - of the digital kind:
before a certain game developer who shall remain nameless decided its most dedicated fans were evil
Well now I'm curious. What's that about?
An experience that's firmly in the past, and that's all I'll say on the matter.
-
@royal_poet said in Hospitals contract viruses - of the digital kind:
and is needed in those files by treatment delivery suites.
That's actually a harsh requirement around here. Getting the patient information around in between applications is necessary for treatment, so everybody is damn sure we are talking about the same patient, and billing.
That last one is backed by a law ruling how hospitals can bill if they like to have social security to pick up part of the bill. It simply says that all treatment inside the hospital for one month should be on one bill. Unless you like to manually enter all rx stuff into the billing you have the HIS send patient information (our friend HL7) and the RIS then sends it's billing information to central billing.
-
@dkf said in Hospitals contract viruses - of the digital kind:
barcode readers that generate output in a way that makes them pretend to be USB keyboards
Most direct attached barcode readers are HID devices on Windows. Gryphon and unitech work that way.
-
@anonymous234 said in Hospitals contract viruses - of the digital kind:
@royal_poet said in Hospitals contract viruses - of the digital kind:
Clinical devices are their own beast in this regard. CE mark validation pretty much makes it impossible to validate them for OS updates so they get locked in. Usually takes years to get a CE mark so imagine the insanity of doing that for each crappy fix MS releases.
Gee if only we had OSs actually designed for embedded systems, with a bunch of safety certifications already and a minimal attack surface so they wouldn't need an update every other week just to run a single program.
Or just, fuck that, put Windows on a read-only flash memory. Reboot every night (or every hour). Problem solved.
Preaching to the converted here. The trouble with that are the clinical users who want a familiar windows interface, plus ability to run MsWord, Outlook, Adobe acrobat and their His/Ris plus windows based QA and analysis tools because they can't afford several separate PCs in each room.
Some of my customer base is so broke we're running clinical apps over Citrix so they can work on a mix of XP and NT workstations and that's in a developed Western country with socialised healthcare.
-
@royal_poet
We follow MS here. XP is no longer supported for our HIS or RIS and might be positively broken by now.
I don't have the impression that the situation is that bad around here.
-
@Luhmann we don't officially support either - but as we do radiation delivery it's a bit more fuzzy. Can't let them mistreat patients just because they're broke and can't afford the upgrades. So we do some basic stuff even on unsupported. Kinda makes us part of the problem - but when you hear the patients in the background of a support call that does change perspective. Might be the only hospital they can travel to in their state.
-
@royal_poet
We only do the administrative side. If a client or server doesn't meet our requirements it is on them. Even if our update pushed the app into braking on old versions. We regularly encounter that when an app bumps its .net version. No matter how many times we warn about this there is always at least one customer who forgets to update the server.
-
@Luhmann we have the reverse issue. We're locked i to net 4.5.2 or 4.6.1 depending on what OS you're on and what version of the product you have. Any net updates and the system dies a horrible death. Thanks legacy code.
-
@anotherusername said in Hospitals contract viruses - of the digital kind:
oh, they learn to use it, because it makes their jobs way easier... some of them just don't understand basic security practices sometimes. The concept that the email they just received that says to click here to update their Outlook Web profile might have actually been sent by a malicious hacker instead of "Microsoft support" is just lost on them.
I have also seen nurses checking their Facebook on a computer running Windows 98, which shouldn't have been connected to the internet at all. (And could have been upgraded without breaking any laws, since it wasn't running specialized software for a medical device, only some custom client for the patient system.) This was less than a decade ago.
I'm not surprised at all. Anyone who's ever seen the IT infrastructure of any hospital shouldn't be.
-
When I started my career years ago and IE7 had only just been released most of these hospitals were using very old server versions of Windows, .NET 1.0 or running Access.
Most of the kit is still running a very specific version of Windows XP (not even SP1) with IE6 and the software will only run on that reliably because of the nasty JS and VB running in the browser.
Most will never upgrade because:
- Cost of re-training is expensive.
- Cost of porting software to newer Operating systems is prohibitively expensive.
Also they will not pay for any upgrades what-so-ever
-
Update:
-
@Arantor said in Hospitals contract viruses - of the digital kind:
a large scale CryptoLocker type infestation at a number of NHS hospitals across the country
A facebook friend replied "This is why you buy Apple"
-
This post is deleted!
-
@xaade Yeah. This thing also, once again, let the usual "Linux vs Mac vs Windows" holy wars emerge in our newspapers.
With 90% of the participants kind of missing the point that while, yes, you can do a simple
apt-get upgrade
on your home PC, this is not something you do nilly-willy on an essential server or business PCs. Nevermind doingapt-get dist-upgrade
.Not to mention that a lot of those PCs were running the equivalent of Debian Lenny.
-
@anonymous234 said in Hospitals contract viruses - of the digital kind:
@anotherusername said in Hospitals contract viruses - of the digital kind:
That, combined with the fact that a lot of them are older and less technically literate, makes this not too surprising to me.
That doesn't matter. The NHS is supposed to have good sysadmins, and good sysadmins don't let the hospital staff just run executables with a mere double click. In fact, for something as serious as a hospital, common users shouldn't be able to break the computers even if they try.
I'm assuming major incompetence at some level of the command chain.
That makes me wonder...
Is it possible to disable macros globally via a GPO?
Because then people wouldn't be able to infect themselves even if they tried...
-
@sloosecannon said in Hospitals contract viruses - of the digital kind:
Is it possible to disable macros globally via a GPO?
Like Word macros? No idea, tbh. Plus, you're assuming the admins know how to use Group Policy.
-
Yes, that's all possible. See SwiftOnSecurity on Twitter, that account regularly posts about this kind of stuff.
-
@accalia said in Hospitals contract viruses - of the digital kind:
@blakeyrat said in Hospitals contract viruses - of the digital kind:
@accalia My experience with hospitals (in the US at least) is that doctors were excited by technology and very good at learning and using it, and it was the nurses who were more phobic and tried to avoid using technology whenever possible.
East coast versus west coast i guess.
Yes. I spent quite a bit of time in hospitals during 2014-2016 and my experience was exactly the opposite.
-
-
@RaceProUK said in Hospitals contract viruses - of the digital kind:
Update:
Update:
And this time, there's no stopping it. Short of having an updated machine with the SMB patch installed.
-
@sloosecannon said in Hospitals contract viruses - of the digital kind:
@anonymous234 said in Hospitals contract viruses - of the digital kind:
@anotherusername said in Hospitals contract viruses - of the digital kind:
That, combined with the fact that a lot of them are older and less technically literate, makes this not too surprising to me.
That doesn't matter. The NHS is supposed to have good sysadmins, and good sysadmins don't let the hospital staff just run executables with a mere double click. In fact, for something as serious as a hospital, common users shouldn't be able to break the computers even if they try.
I'm assuming major incompetence at some level of the command chain.
That makes me wonder...
Is it possible to disable macros globally via a GPO?
Because then people wouldn't be able to infect themselves even if they tried...
Technically, yes. There are Office templates for that that will set the Office Security Center settings via GPO.
-
@RaceProUK said in Hospitals contract viruses - of the digital kind:
SMB
Which makes me wonder what would happen if it tried talking to my NAS which (technically) can support SMB v1.0.
-
Today has been nuts. At least 10 customers so far asking me about KB4012212 & Co. Windows updates: too difficult for hospital IT. Clearly.
-
@royal_poet
Everything that isn't following a manual to the letter to install some software is too complicated for hospital IT.The hospital I was talking about upthread had 3 "IT guys". 2 of them were too incompetent to even use the group policy editor or change a simple SQL query in one of the reporting systems. The third one actually knew quite a lot about Windows administration and development, but since he was a junior he had to service printers all day.
The fact that my taxpayer money went to those idiots still makes my blood boil. And the fact that I managed to save around 32 man hours per month for the head nurse by changing a few SQL queries during my lunch break - which the contractors were unable to - is fucking hilarious.
-
@accalia said in Hospitals contract viruses - of the digital kind:
@blakeyrat said in Hospitals contract viruses - of the digital kind:
@accalia My experience with hospitals (in the US at least) is that doctors were excited by technology and very good at learning and using it, and it was the nurses who were more phobic and tried to avoid using technology whenever possible.
East coast versus west coast i guess.
Or young vs old I think.
I think doctors graduated in last 20 years need to use computer to do their assignments in order to graduate.
-
-
-
@royal_poet said in Hospitals contract viruses - of the digital kind:
Today has been nuts. At least 10 customers so far asking me about KB4012212 & Co. Windows updates: too difficult for hospital IT. Clearly.
You know the best part of this whole thing?
Windows 7 extended support ends in 2 years, 8 months. That is going to be fun.
-
@cheong said in Hospitals contract viruses - of the digital kind:
@accalia said in Hospitals contract viruses - of the digital kind:
@blakeyrat said in Hospitals contract viruses - of the digital kind:
@accalia My experience with hospitals (in the US at least) is that doctors were excited by technology and very good at learning and using it, and it was the nurses who were more phobic and tried to avoid using technology whenever possible.
East coast versus west coast i guess.
Or young vs old I think.
I think doctors graduated in last 20 years need to use computer to do their assignments in order to graduate.
My doctor uses Google Glass.
-
@asdf were up to 35 calls now. I just wanna be an ostrich now and stick my head in the sand.
-
@royal_poet said in Hospitals contract viruses - of the digital kind:
I just wanna be an ostrich now and stick my head in the sand.
Cosplay opportunity detected. Please post some photos. ;)
-
@dcon said in Hospitals contract viruses - of the digital kind:
My doctor uses Google Glass.
Outdated, unsupported technology! Sad!
@cheong said in Hospitals contract viruses - of the digital kind:
Or young vs old I think.
I think doctors graduated in last 20 years need to use computer to do their assignments in order to graduate.That's the idea behind the "digital gap" and "digital natives" memes that the media loves to repeat.
It's true to some extent: young people have grown up using computers and aren't "scared" of them like some old people seem to be.
However the implication that young people understand computers better is total bullshit. 95% of those kids that know how to watch funny videos on their iPads still won't know anything about how programs run or how to manage Windows installs. Those aren't things you naturally pick up by using computers, you need a sense of curiosity to drive you to actively learn them.
30 years from now, those "digital native" kids that are growing up with their own smartphones will be doctors working in a hospital, refusing to adapt to some new OS and driving their IT people mad.
-
-
@Boner said in Hospitals contract viruses - of the digital kind:
How does that unite with 'people with enough clout and obnoxiousness to tell other people to pay ransome (sic) in bitcoin and not take no for an answer'?
-
@PleegWat said in Hospitals contract viruses - of the digital kind:
...to tell other people to pay ransome (sic) in bitcoin and not take no for an answer'?
ransome! Cromulent!
Hey Bob, you payed the ransome ?
Nah, nuked and paved! I will rewrite that kludgey codebase in shiny javascript.
-
-
@RaceProUK how did they have Windows XP running on the internet but somehow also not have Windows Update enabled?
-
@ben_lubar said in Hospitals contract viruses - of the digital kind:
@RaceProUK how did they have Windows XP running on the internet but somehow also not have Windows Update enabled?
because they want to avoid unexpected reboots for windows update. du-uh.
have you not been paying attention to the lounge lately?
-
@ben_lubar said in Hospitals contract viruses - of the digital kind:
@RaceProUK how did they have Windows XP running on the internet but somehow also not have Windows Update enabled?
Wait - XP still updates ???
-
@dcon said in Hospitals contract viruses - of the digital kind:
@ben_lubar said in Hospitals contract viruses - of the digital kind:
@RaceProUK how did they have Windows XP running on the internet but somehow also not have Windows Update enabled?
Wait - XP still updates ???
It did for WannaCry: MS released a special emergency patch.
-
@dcon said in Hospitals contract viruses - of the digital kind:
@ben_lubar said in Hospitals contract viruses - of the digital kind:
@RaceProUK how did they have Windows XP running on the internet but somehow also not have Windows Update enabled?
Wait - XP still updates ???
They released an emergency update to fix the exploit used to spread WannaCry.
-
2017-06-23T17:21:16.439Z compared to 2017-06-23T17:21:17.129Z: that's by just 0.69 seconds
-
@RaceProUK said in Hospitals contract viruses - of the digital kind:
@dcon said in Hospitals contract viruses - of the digital kind:
@ben_lubar said in Hospitals contract viruses - of the digital kind:
@RaceProUK how did they have Windows XP running on the internet but somehow also not have Windows Update enabled?
Wait - XP still updates ???
It did for WannaCry: MS released a special emergency patch.
I remember hearing about that. So I spun up my XP VM - and no patches...
-
@dcon said in Hospitals contract viruses - of the digital kind:
@RaceProUK said in Hospitals contract viruses - of the digital kind:
@dcon said in Hospitals contract viruses - of the digital kind:
@ben_lubar said in Hospitals contract viruses - of the digital kind:
@RaceProUK how did they have Windows XP running on the internet but somehow also not have Windows Update enabled?
Wait - XP still updates ???
It did for WannaCry: MS released a special emergency patch.
I remember hearing about that. So I spun up my XP VM - and no patches...
Maybe you already have it?
-
@RaceProUK said in Hospitals contract viruses - of the digital kind:
@dcon said in Hospitals contract viruses - of the digital kind:
@RaceProUK said in Hospitals contract viruses - of the digital kind:
@dcon said in Hospitals contract viruses - of the digital kind:
@ben_lubar said in Hospitals contract viruses - of the digital kind:
@RaceProUK how did they have Windows XP running on the internet but somehow also not have Windows Update enabled?
Wait - XP still updates ???
It did for WannaCry: MS released a special emergency patch.
I remember hearing about that. So I spun up my XP VM - and no patches...
Maybe you already have it?
Since I hadn't made any changes for a year, probably not!
hmm - maybe I didn't do this one - last checkpoint is March. (spins up) Windows Update. "500 - Internal server error." Well fuck. (the pinned
windowsupdate.microsoft.com
link)edit: found different url
update.microsoft.com/windowsupdate
, 0 updates.
edit2: Last update was Aug 2 2016 (malicious software removal tool)
edit3: Went out and found patch. Manually updated.