LA Hospital being held hostage by ransomware



  • http://www.theatlantic.com/technology/archive/2016/02/hackers-are-holding-a-hospitals-patient-data-ransom/463008/

    Title is pretty much it. Key sentence buried at the bottom:

    ... it’s in desperate straits without a backup of its patient files.

    Why don't you have a fucking backup


  • Winner of the 2016 Presidential Election Banned


  • Grade A Premium Asshole

    @fwd said:

    Why don't you have a fucking backup

    FFS, how do they not even have a VSC or a snapshot??


  • :belt_onion:

    @Polygeekery said:

    FFS, how do they not even have a VSC or a snapshot??

    WAY, WAY, WAY too advanced for a hospital. If they had backups they'd look like this:

    Not that I'm knocking tapes; they served me well for years on end and I'm still amazed at their data density.


  • Grade A Premium Asshole

    @heterodox said:

    WAY, WAY, WAY too advanced for a hospital. If they had backups they'd look like this:

    Well, those would be actual backups. VSC and snapshots are not backups. But for something like this, you could recover from a VSC.

    We have had clients get hit by ransomware. Not once did we have to go to real backups. We only had to roll back a VSC and they were good to go (after cleaning out the ransomware of course).



  • @ben_lubar, wanna post a link to the @royal_poet thread where that happened?



  • That really does sound like a day at my work. Must check if they are our customers.



  • I suspect it's more common than people thin, only we never hear of it.

    When Conficker or whatever it was called was doing the rounds, hospitals in the UK got it. The kicker was, this virus turned up not only on city council IT infrastructure but also on MoD hardware... The hospital IT angle was not as heavily reported.


  • :belt_onion:

    Nah, it doesn't really happen. After all, they've already been infected with MUMPS.

    Sorry, that was pretty bad. I'll show myself out...



  • I'd say I see a virus infection once a month or thereabouts. Usually there are some backups. Not a recent one, but from within the last two weeks so we fix it quietly.

    This kinda thing comes in waves though. I had the customer down that I mentioned in the other thread this morning and I know that two or three in the same region of Germany have the same issue. They've not called in yet - might be today. They usually need 2-3 days to get the infection out of their main system.



  • Do you have any idea what time it i‌😴


  • Dupa

    Yup. 7:50 AM. Rise, sunshine!


  • Winner of the 2016 Presidential Election

    @ben_lubar said:

    Do you have any idea what time it i‌😴

    Lunch time!


  • Dupa

    @Arantor said:

    I suspect it's more common than people thin

    Hope you're talking about the US. Otherwise we're in deep shit.



  • Actually, I think it is more common in Europe as Europe tends to have much smaller practices and sites with insufficient funding for proper IT.


  • Dupa

    But we have much more thin people! 🚜

    @royal_poet said:

    Europe tends to have much smaller practices and sites with insufficient funding for proper IT.

    Hear ya. I don't think there is such a thing as proper IT in Polish healthcare.



  • that's what medical physicists are for.

    whenever I speak to Polish customers I speak to someone from med physics. 😄


  • Dupa

    @royal_poet said:

    that's what medical physicists are for.

    whenever I speak to Polish customers I speak to someone from med physics. 😄

    Well, that's better than medical physicians, surely. 😆



  • @Polygeekery said:

    for something like this, you could recover from a VSC

    ...provided that the volume with the shadow copies on it was not online at the time the ransomware did its thing. I've only ever encountered one instance of ransomware in the wild, and it explicitly dropped all shadow copies before it even started to encrypt anything. I ended up recovering about 40% of the destroyed photo collection from deleted data using PhotoRec; not a process I'd care to rely on for hospital databases.



  • yeah the newer ones are clever enough to remove the shadow copies.
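
The behaviour described in the two posts above (ransomware dropping shadow copies before it encrypts anything) is visible in process-creation logs. This is an added detection example, not part of any post in the thread; the event tuples, host names and rule names are constructed for illustration.

```python
import re

# Shadow-copy tampering patterns, matched case-insensitively against the
# command line of process-creation events (e.g. Sysmon event ID 1 or
# Windows Security event 4688 with command-line auditing enabled).
RULES = {
    "vssadmin_delete_shadows": re.compile(
        r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I),
    "vssadmin_resize_shadowstorage": re.compile(
        r"\bvssadmin(\.exe)?\b.*\bresize\s+shadowstorage\b", re.I),
    "wmic_shadowcopy_delete": re.compile(
        r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I),
}

# Constructed sample events: (time, host, user, parent process, command line).
SAMPLE_EVENTS = [
    ("03:12:01", "WS-RAD-07", "jdoe", "winword.exe",
     "cmd.exe /c vssadmin.exe Delete Shadows /All /Quiet"),
    ("03:12:02", "WS-RAD-07", "jdoe", "cmd.exe", "wmic shadowcopy delete"),
    ("09:00:00", "SRV-BKP-01", "svc_backup", "taskeng.exe",
     "vssadmin list shadows"),  # benign inventory query, must not match
    ("09:30:00", "SRV-FS-02", "admin", "powershell.exe",
     "vssadmin resize shadowstorage /for=C: /on=C: /maxsize=401MB"),
]


def find_shadow_copy_tampering(events):
    """Return one hit per event whose command line matches a rule."""
    hits = []
    for time, host, user, parent, cmdline in events:
        for rule, pattern in RULES.items():
            if pattern.search(cmdline):
                hits.append({"time": time, "host": host, "user": user,
                             "parent": parent, "rule": rule})
                break  # one hit per event is enough for alerting
    return hits


def hosts_needing_triage(hits):
    """Group matched rule names by host so responders can prioritise."""
    by_host = {}
    for hit in hits:
        by_host.setdefault(hit["host"], []).append(hit["rule"])
    return by_host


if __name__ == "__main__":
    for hit in find_shadow_copy_tampering(SAMPLE_EVENTS):
        print(hit)
```

A hit on a workstation, especially with an Office application or script host as the parent, is the signal to isolate the machine before encryption spreads to mapped shares; the resize rule matters because shrinking shadow storage also discards existing copies.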



  • @kt_ said:

    I don't think there is such a thing as proper IT in Polish healthcare.

    I luckily don’t go to hospital much, but had to last year. My local doctor had given me a filled-out form that I handed to the receptionist at the hospital, who promptly placed it on a flatbed scanner (that, incidentally, looked like it was made in the last century). When I got to the treatment room, a screen there showed the scanned form.

    How about my doctor being able to type things into the computer on his desk, and this information miraculously showing up at the hospital’s computer as well without involving a printer and a scanner?


  • Dupa

    @Gurth said:

    How about my doctor being able to type things into the computer on his desk, and this information miraculously showing up at the hospital’s computer as well without involving a printer and a scanner?

    Well, you're talking about magic. Hospitals/doctors can't let themselves immerse in such dark practices or people would abandon them in favor of charlatans, chiropractors etc.

    Healthcare has to be a painful experience or it won't work. It's like with medicines that have to be yucky to actually work.

    World 101, duh!


  • Dupa

    @kt_ said:

    Yup. 7:50 AM. Rise, sunshine!

    And now it's no longer 7.50. 😕 @ben_lubar, what did you do?!



  • Think I wrote about this a while back, but I had a customer many years ago that happened to be a Kids' hospital. They blew a mirrored disk on the cardiology server, so installed a new disk and started the mirroring operation in the wrong direction! Copied the new blank disk over the disk with the data.

    And they didn't have any backups :facepalm:



  • wow. what do you do in that situation? disk recovery?



  • @fwd said:

    a backup of its patient files.

    ...including information like 'patient X can't be given common medication Y because of hard-to-diagnose non-obvious condition Z, which will make his heart explode...'



  • @fwd said:

    wow. what do you do in that situation? disk recovery?

    From memory they were quoted a few grand to attempt recovery and it was reasoned that it would be cheaper to pay a junior to re-enter everything off the cards. Ultimately, and astonishingly, they didn't "lose" any data cos it was all down in the filing cabinets in the basement - pity the poor schmucks who had to re-enter tens of thousands of them, tho...



  • This seems absolutely ridiculous.

    I worked at a hospital that had a regional level 1 trauma center (the highest), and although, yes, we had super shitty clinical software that required Citrix connections to WinNT 3.5 to use (among other horrible ideas) and we had issues with viruses striking because of all the unmanaged systems that IT wasn't allowed to manage, what we did have a handle on was backups and redundancy for patient and financial data. Each database -- and there were many -- was on hourly incrementals and something like 5-10 minute log backups (this was 2005-6). I was there before virtualization, but all servers running clinical applications were still backed up to mag tape or disk daily. They had a whole team of night operators just to ensure that backups went smoothly. Every week a big box of backup media was picked up by Iron Mountain for permanent long term storage. See, our hospital -- and, as far as I'm aware, all hospitals -- are required to maintain any health record for any patient for the life of the patient. You can't throw it away. You can't lose it. It's your job to maintain it in a useful state for the next 120 years, if needs be. If a medical records request comes in, you have to be able to respond to it.

    More than that, we had redundant systems. There were at least two different systems available to access any core patient data at any time. That doesn't mean two systems using the same database. No, that data was replicated between databases, so at least two different databases would have patient data. Yes, some of the systems were old, legacy systems that nobody liked and maybe even only ran on a terminal connection, but there was always redundancy. Doctors can always get to your data.

    If you don't have data backups, you're seriously risking your hospital accreditation. If you lose your hospital accreditation, you're fucked because it's your license to do business. Without accreditation, your hospital will not be covered by any hospital insurance agency and you can't file Medicare claims. That means doctors won't be able to practice there because malpractice insurance won't cover them in that hospital, and private patient insurance companies will not pay treatment costs at such a facility. At the very least, they're going to be paying some very stiff penalties. JCAHO does not fuck around.

    What I'm shocked by is that auditors never caught this. Again, JCAHO does not fuck around. There are supposed to be annual audits being done for all this.



  • Alan Stefanek, the CEO and president of Hollywood Presbyterian, told NBC reporters that the cyberattack on his hospital was “random” and not malicious.

    :wtf: Not malicious? :facepalm:



  • @CoyneTheDup said:

    not malicious

    TDEMSYR



  • @HardwareGeek said:

    TDEMSYR

    Ransomware is nothing but malicious. TR :wtf: is Alan Stefanek, saying the attack was "..'random' and not malicious." I can go along with random, yes, but it's just as "not malicious" as a random kidnapping.



  • @skotl said:

    Ultimately, and astonishingly, they didn't "lose" any data cos it was all down in the filing cabinets in the basement

    So they did have a backup!

