LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   'Cyberattack on Britain's National Health Service - A Wake-up Call for Modern Medicine' (https://www.linuxquestions.org/questions/linux-security-4/cyberattack-on-britains-national-health-service-a-wake-up-call-for-modern-medicine-4175611490/)

RandomTroll 08-07-2017 11:18 AM
'Cyberattack on Britain's National Health Service - A Wake-up Call for Modern Medicine'
 
N Engl J Med 2017; 377:409-411 August 3, 2017 DOI: 10.1056/NEJMp1706754
http://www.nejm.org/doi/full/10.1056/NEJMp1706754

Quote:
Less fortunate were NHS general practices, many of which are
now fully electronic. With no backup paper systems for registering
patients on arrival, recording consultations, or prescribing
medications, they were forced to close their doors, turning their
patients away.
Quote:
"At my hospital we are literally unable to do any x-rays,
which are an essential component of emergency medicine."
Quote:
At one of the capital's biggest hospitals, the automated refrigerators used for dispensing blood products were shut down,
Quote:
the biggest surprise of the malware attack was not that it
happened but why it had taken so long. It is an irony lost on no NHS
doctor that though we can transplant faces, build bionic limbs, even
operate on fetuses still in the womb, a working, functional NHS
computer can seem rarer and more precious than gold dust.
The lesson of this article is how behind-hand the medical community is
to digital security. I don't pick on the British: American hospitals
have been successfully attacked too. I attribute it partly to
providing care crowding out everything else that can be put off and
partly to the conceit of the medical community about their superiority
to 'lesser' concerns, as seen in the treatment of Semmelweis.

Habitual 08-07-2017 04:32 PM
This article is available to subscribers.

AwesomeMachine 08-08-2017 03:43 AM
It usually takes an attack to motivate anyone to action. If you can't see it, and it doesn't affect you, you're not going to care. Ideally we learn from the mistakes of others. But there is a tendency toward the belief that it won't happen to "me".

Turbocapitalist 08-08-2017 06:52 AM
Quote:
Originally Posted by AwesomeMachine (Post 5745865)
But there is a tendency toward the belief that it won't happen to "me".
That's some of it. There is also a large component of ideology and willful blindness to facts, even if it means taking a loss. People have known for 20+ years that M$ products are not fit for purpose, and especially unsuited to networked enviroments. These latest events only rub their noses in it one more time again:

http://www.networkworld.com/article/...you-fired.html

Yet they've persisted and over time have replaced their IT staff with M$ resellers. It's causing them to not just lose money but to also lose patients.
Given the seriousness of the situation those that ordered the rollout of M$ inside the hospitals need to be facing manslaughter charges.

RandomTroll 08-08-2017 10:45 AM
Quote:
Originally Posted by Habitual (Post 5745674)
This article is available to subscribers.
Sorry! I connect at the university, whose users inherit its subscriptions. I quoted choice parts that give the important points I wanted to pass along; anyone can read the abstract. The details aren't that important: the important message is that the UK's NHS can be so careless.

hazel 08-08-2017 11:12 AM
It's not only the NHS! Do you remember the TalkTalk scandal? Someone cracked their customer database and made off with all kinds of personal info, and the company spokesperson couldn't even say whether the data had been encrypted or not. And that's supposed to be a tech firm! If they don't know zilch about the tech they're using, what do you expect of medical staff?

273 08-08-2017 12:47 PM
Being "behind hand" is not the problem.
The situation is more complicated and depressing but pkease don't believe the media about either the impact or the number of XP machines.

RandomTroll 08-09-2017 11:39 AM
Quote:
Originally Posted by hazel (Post 5746049)
It's not only the NHS! Do you remember the TalkTalk scandal? Someone cracked their customer database and made off with all kinds of personal info, and the company spokesperson couldn't even say whether the data had been encrypted or not. And that's supposed to be a tech firm! If they don't know zilch about the tech they're using, what do you expect of medical staff?
I expect the NHS to hire competent professionals. They hire professional accountants, architects, engineers, scientists... They're not 'TalkTalk'.

RandomTroll 08-09-2017 11:40 AM
Quote:
Originally Posted by 273 (Post 5746091)
Being "behind hand" is not the problem.
The situation is more complicated and depressing but pkease don't believe the media about either the impact or the number of XP machines.
I only know what I read in the medical journals (which includes 'The Lancet'). If you know more I'd be glad to read about it.

273 08-09-2017 11:56 AM
Quote:
Originally Posted by RandomTroll (Post 5746425)
I only know what I read in the medical journals (which includes 'The Lancet'). If you know more I'd be glad to read about it.
All I know is that government IT systems do include a a good many XP clients for what appears to be no reason other than nobody will pay to have the kit upgraded. What I am told about the NHS is that that is the case there too -- with XP machines still being handed out as current kit but I have to admit that most of this is third hand from friends of those who work for the NHS and from conversations with those who work in its peripheries. In other words, Civil Service IT grapevine but I trust it more than the sudden change from "lots of XP machines affected" to "a small percentage, running XP".


All times are GMT -5. The time now is 11:02 PM.