Cyber attack on hospitals

StewartR said:
I guess so. And they won't have had much experience of doing really widespread systems migrations, so they could easily have underestimated how long the supertanker would take to get moving. That's understandable.
Click to expand...
No one ever really has prior experience of such a widespread migration as the goalposts keep moving - ever more devices, ever more connectivity.


Is anyone confident we'll have all the 32-bit Unix-based systems identified and upgraded before 2038?
 
Alastair said:
Is anyone confident we'll have all the 32-bit Unix-based systems identified and upgraded before 2038?
Click to expand...
Don't go there. Just don't.
 
Alastair said:
Is anyone confident we'll have all the 32-bit Unix-based systems identified and upgraded before 2038?
Click to expand...
On the board of "issues to be addressed" in my office is something I wrote there about a decade ago. It is "end of time", which means 19th January 2038.

One of our end-user facing servers for an current product is 32 bit (and needs to be, certain things cannot be built against 64 bit libraries) and given that people are still using the predecessor product that we deprecated and withdrew for sale in 2004, I confidently expect that people will still expect it to be working on 20th January 2038.
 
There is also another point which I haven't seen mentioned anywhere - whether replacement systems (servers etc) will continue to support the older OSs.

I have a copy of Windows ME from many years ago but when I tried to use it in a VM it crashed after installing to about half way - the same with my 2 PCs.

I assume that some part of the OS was no longer compatible with more modern PC setups - probably due to it running on top of DOS.

I see a situation arising in the future where servers and PCs will simply no longer support older OSs maybe because Microsoft will alter Win 10 so that it can only be used on newer PCs.

And Microsoft is already pressuring chip manufacturers to only support Win 10 by restricting the drivers available:

http://www.pcgamer.com/amd-confirms-there-will-be-no-ryzen-drivers-for-windows-7/

http://wccftech.com/intel-skylake-remove-support-usb-based-windows-7-installation-platform-specs/

https://arstechnica.com/information...windows-updates-for-old-windows-on-new-chips/

http://www.kitguru.net/components/c...ke-users-out-of-updates-on-windows-7-and-8-1/

As far as I can see this policy almost certainly could be regarded as going against anti-trust laws in the USA and a whole slew of EU laws.

It also seems to suggest that Linux could also be barred from these new systems!
.
 
KitsuneAndy said:
Yeah, I just came back to edit as I realised I'd misread it :)

Wouldn't surprise me if it was just the machines on the front desks, but still disruptive to service
Click to expand...

I work in a NICU and the computers there are all xp :-/
 
StewartR said:
That article says that 90% of trusts still use XP
Click to expand...
KitsuneAndy said:
Wouldn't surprise me if it was just the machines on the front desks, but still disruptive to service
Click to expand...
I'd expect the opposite. Machines on front desks are probably amongst the easiest to replace or upgrade. The ones that are the hardest are the ones that run MRI scanners and such like.
 
StewartR said:
I'd expect the opposite. Machines on front desks are probably amongst the easiest to replace or upgrade. The ones that are the hardest are the ones that run MRI scanners and such like.
Click to expand...

everyone is focusing on MRI scanners and the such and there arent that many of them.
The machines that are the issue are the ones running all the many NHS custom software programs that simply cannot be upgraded remotely.
Software using old school ODBC conections to old DB products etc.
These PCs need one to one upgrades which is labour intensive, also the NHS IT is very fragmented so even office printers are not properly networked which means remote upgrades are hard to do.
given the tiny IT resources the NHS has it really is a nightmare add to that costs are always allocated to the front line it is a losing batlle.
 
It's also unclear whether the figure for machines running Win XP includes those running Win XPe and derivatives, some versions of which are still supported by Microsoft.

Mr Bump said:
everyone is focusing on MRI scanners and the such and there arent that many of them.
The machines that are the issue are the ones running all the many NHS custom software programs that simply cannot be upgraded remotely.
Click to expand...
MRI scanners are used as an example of a medical device that cannot have the OS updated without revalidating the machine, this won't just be MRI scanners it will be other large devices (such as x-ray machines) but also a lot of more numerous, smaller devices, bedside patient monitors, dialysis machines, defibrillators, anaesthesia machines, etc. Several studies have already shown many of these to be vulnerable, both individually and as access points into the networks they're connected to.
 
Alastair said:
It's also unclear whether the figure for machines running Win XP includes those running Win XPe and derivatives, some versions of which are still supported by Microsoft.


MRI scanners are used as an example of a medical device that cannot have the OS updated without revalidating the machine, this won't just be MRI scanners it will be other large devices (such as x-ray machines) but also a lot of more numerous, smaller devices, bedside patient monitors, dialysis machines, defibrillators, anaesthesia machines, etc. Several studies have already shown many of these to be vulnerable, both individually and as access points into the networks they're connected to.
Click to expand...

Are they all networked though?
 
Mr Bump said:
everyone is focusing on MRI scanners and the such and there arent that many of them.
Click to expand...
Exactly, given that "and the such" includes a whole host of less glamorous but equally critical equipment. There aren't very many of them, compared to ordinary desktop machines, and that's why the NHS has come down from 90% XP 3 years ago to 5% XP now.
 
KitsuneAndy said:
Are they all networked though?
Click to expand...
According to some of the reports I've read this morning, yes.. too many of them are, and too many of them via non-encrypted or poorly encrypted wifi connections. Although at least one analysis suggested they're less vulnerable to attack via the network than the network is vulnerable to attack via them.

http://www.computerworld.com/articl...to-create-backdoors-in-hospital-networks.html
http://www.ptatechnologies.com/MedicalDeviceCaseStudy.htm
 
KitsuneAndy said:
Are they all networked though?
Click to expand...
If they are diagnostic machines such as scanners, I think they would have to be networked, wouldn't they? Otherwise how do you get the data out of them?

I don't know anything about other types of medical devices so can't comment directly on the requirement to network them.

Here's a thought though, which may not be entirely irrelevant. (Bear with me.) We're currently shopping for a new cat flap, and it needs to be capable of reading microchips, and my wife came across one that's WiFi enabled so that you can control it with an app. At first I thought that was the height of madness - well, OK, perhaps not as mad as Juicero - but then it dawned on me that it does allow the device to be programmed relatively easily without requiring a complicated user interface - the phone or tablet on which you run the app takes care of all that. It allows the owner to choose which cats are allowed in or out, at what times, and stuff like that. Very handy when one of them has a vet appointment and has to be kept in but the others don't.

So perhaps that (the need to be able to provide a rich programming interface) is a justification for networking medical devices too.
 
Last edited:
StewartR said:
If they are diagnostic machines such as scanners, I think they would have to be networked, wouldn't they? Otherwise how do you get the data out of them?

I don't know anything about other types of medical devices so can't comment directly on the requirement to network them.

Here's a thought though, which may not be entirely irrelevant. (Bear with me.) We're currently shopping for a new cat flap, and it needs to be capable of reading microchips, and my wife came across one that's WiFi enabled so that you can control it with an app. At first I thought that was the height of madness - well, OK, perhaps not as mad as Juicero - but then it dawned on me that it does allow the device to be programmed relatively easily without requiring a complicated user interface - the phone or tablet on which you run the app takes care of all that.

So perhaps that's a justification for networking medical devices too.
Click to expand...

It depends. I've seen x-ray machines that you put a USB in and copy the data off before. So it wouldn't necessarily need to be networked, and even if it's networked internally, it may not need to be connected to the outside world.

But then there are reasons they may want to be connected to the outside world as well, I'm just curious as to how much of the diagnostic kit is hooked up to external networks.
 
KitsuneAndy said:
I'm just curious as to how much of the diagnostic kit is hooked up to external networks.
Click to expand...
Since most NHS Trusts span multiple sites, I'd be surprised if there are (m)any networks that are really cut off from the outside world. Firewalled, but not air-gapped.
 
It is not about the kit wether it is an MRI scanner or a dog food dispenser.
The bottom line is the NHS IT department is screwing up big time maybe it is lack of money or resources and i think it will be.

if people can't get cancer treatment because of money issues then i imagine priorites have IT wayyyyyyy down the list.

This is a wake up call that will be ignored......
 
Mr Bump said:
It is not about the kit wether it is an MRI scanner or a dog food dispenser.
The bottom line is the NHS IT department is screwing up big time maybe it is lack of money or resources and i think it will be.

if people can't get cancer treatment because of money issues then i imagine priorites have IT wayyyyyyy down the list.

This is a wake up call that will be ignored......
Click to expand...

Again, it's not just the NHS that has been hit by this, hundreds of other companies worldwide also fell foul of it so they have the same issue.

It's not simply money that's the problem, as per this post, sometimes it's not possible to just throw out a patch to everything. A more important point is that Microsoft didn't actually release a version of MS017-10 for XP or Server 2003 until after the WanaCry outbreak even though they highlihgted the issue of SMB1 last September in a blog post after being advised that the exploit was in the wild in August. So, realistically, it's not really the IT departments' fault if there wasn't even a patch available for those operating systems before then!

Of course, there's the whole question about services running on systems no longer supported by the vendor but again, it's not always a simple case of throw money at a problem and it goes away.
 
Mr Bump said:
everyone is focusing on MRI scanners and the such and there arent that many of them.
The machines that are the issue are the ones running all the many NHS custom software programs that simply cannot be upgraded remotely.
Software using old school ODBC conections to old DB products etc.
These PCs need one to one upgrades which is labour intensive, also the NHS IT is very fragmented so even office printers are not properly networked which means remote upgrades are hard to do.
given the tiny IT resources the NHS has it really is a nightmare add to that costs are always allocated to the front line it is a losing batlle.
Click to expand...


Make your mind up. I thought it's all the NHS IT Department's fault?
 
stevelmx5 said:
Make your mind up. I thought it's all the NHS IT Department's fault?
Click to expand...

It is the IT depts fault, they should have lead and pushed for change years ago.
in some case with XP we are talking a decade ago, it is not like the issue is going away.
these older OSs are more prone to attack as days and weeks and years go by.

only IT can highlight issues and push them forward.
 
Mr Bump said:
It is the IT depts fault, they should have lead and pushed for change years ago.
in some case with XP we are talking a decade ago, it is not like the issue is going away.
these older OSs are more prone to attack as days and weeks and years go by.

only IT can highlight issues and push them forward.
Click to expand...

That's a nice idea but realistically, IT is usually bottom of the list when it comes to decision making on refresh projects/funding.

Also, as per my previous post, all operating systems are equally vulnerable to the WanaCry vulnerability if they're unpatched so the outbreak could have come from a Windows 10 client if they haven't had a rollup pushed out to them.

I assume that HR would also have to take responsibility as the vulnerability is attacked as a result of a user error (opening an attachment in a phishing email)?
 
Mr Bump said:
only IT can highlight issues and push them forward.
Click to expand...
But they're banging on the door of "no budget available for that sort of thing".
 
Thankfully, we're okay at work - not been hit, but the trust did pull down e-mail / internet and some PC's / laptops over the weekend to try to help ensure we didn't get infected...
 
neil_g said:
Spent most of the morning fixing a server that fell over post patch and reboot. This is why you don't just rush into patching critical systems.
Click to expand...

Snapshots?
 
neil_g said:
Yup. held too much data to do in a reasonable time frame.
Click to expand...

snapshots don't work that way. They don't take copies of the data they create a delta disk.
only the changes are held in the delta VD and the origonal VKD state is frozen.
snapshots were invented for patching.
 
Mr Bump said:
snapshots don't work that way. They don't take copies of the data they create a delta disk.
only the changes are held in the delta VD and the origonal VKD state is frozen.
snapshots were invented for patching.
Click to expand...
Maybe a poor choice of words on my part. Although it really depends on your backup vendors definition of snapshot or image based backup.

Snapshotting in its true sense is great, if you can afford to tie up disks retaining multiple full copies. Unfortunately most businesses won't and are generally fully provisioned with only slow secondary media.

Would I have loved to flip a switch, sure. But unfortunately this was a server that was built by a 3rd party and it was someone else that patched it.

However again it highlights that a lot of organisations will not have the perfect, flip a switch if it goes wrong fail over, and patching needs a little more planning and simply isn't a quick process.
 
neil_g said:
Maybe a poor choice of words on my part. Although it really depends on your backup vendors definition of snapshot or image based backup.

Snapshotting in its true sense is great, if you can afford to tie up disks retaining multiple full copies. Unfortunately most businesses won't and are generally fully provisioned with only slow secondary media.
Click to expand...

Snapshotting doesn't necessarily tie up disks with full copies, it just goes back to your first comment - it depends on the vendors (doesn't have to be a backup vendor) implementation.
 
Well I tried downloading security updates to my laptop and it had the exact same result as the last time I tried. The laptop refuses to then connect to the internet. So I've restored the laptop to a few days ago and got rid of the security updates...............................................again.
 
nilagin said:
Well I tried downloading security updates to my laptop and it had the exact same result as the last time I tried. The laptop refuses to then connect to the internet. So I've restored the laptop to a few days ago and got rid of the security updates...............................................again.
Click to expand...
Are you letting it update a device driver?
 
Let's be honest here it's not just NHS it's world wide so users have to get clever to over come these problems
 
You must log in or register to reply here.
Back
Top