1. Forum
  2. Fidonet
  3. INTERNET

  • hackers targeting hospita

    From Mike Powell@1:2320/105 to AUGUST ABOLINS on Fri May 8 10:44:00 2020
    But I was thinking of places like hospitals and medical centers. In
    October last year a large medical center with offices all over the province/country was struck with a security breach. Then, a month later
    it was announced that is was ransomware. This was clearly activated by clicking on a false link.

    Yes, I am shocked this has been allowed to happen to hospitals more than
    once. IIRC, it happened to hospitals in the UK also.

    Mike

    ---
    * SLMR 2.1a * You radiate cold shafts of broken glass!
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
  • From Mike Powell@1:2320/105 to AUGUST ABOLINS on Thu May 7 16:58:00 2020
    Eg. People at work don't need to access Facebook or expose company
    computers to malicious site

    Well... where I work, we have people whose job it is to locate persons.
    One of the sources they use is Facebook. For whatever reason, a lot of
    less than intelligent crooks will try to send us false contact data but
    then post all about themselves on social media. :)

    Mike
    ---
    * SLMR 2.1a * "Don't make me put a dog heart in there!" - Dr. Hibbert
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
  • From August Abolins@2:221/1.58 to Mike Powell on Thu May 7 21:04:00 2020
    Hello Mike!

    ** On Thursday 07.05.20 - 16:58, Mike Powell wrote to AUGUST ABOLINS:

    Eg. People at work don't need to access Facebook or expose company
    computers to malicious site

    Well... where I work, we have people whose job it is to locate persons. One of the sources they use is Facebook. For whatever reason, a lot of less than intelligent crooks will try to send us false contact data but then post all about themselves on social media. :)

    OK.. I see the relevance for collection agencies especially when needing
    to locate persons. But even then, it would be wise to isolate work
    terminals for internet searches from the internal network used for
    accessing company accounts.

    But I was thinking of places like hospitals and medical centers. In
    October last year a large medical center with offices all over the province/country was struck with a security breach. Then, a month later
    it was announced that is was ransomware. This was clearly activated by clicking on a false link.

    https://www.cpomagazine.com/cyber-security/lifelabs-data-breach-the- largest-ever-in-canada-may-cost-the-company-over-1-billion-in-class- action-lawsuit/

    "15 million Canadians affected is over 40% of all Canadians".

    "In the public statement, LifeLabs indicated that they made some sort of a payment to retrieve the stolen data. The company did not elaborate on the nature of the attack."

    Ha. The nature was ransomeware, and some old ninny probably clicked on
    fake link in their personal email or on a non-company related website.


    Then, there were a few other ones earlier than that:

    https://www.cbc.ca/news/technology/ransomware-ryuk-ontario-hospitals- 1.5308180

    https://www.cbc.ca/news/canada/kitchener-waterloo/rural-hospitals-in- southwest-ontario-hit-by-ransomware-attack-1.5301947

    "The main vector for attacks is people, through phishing or the more
    targeted spearphishing attacks," in which hackers gather information using deceptive emails or websites, he explains. "Ninety percent of breaches
    start with a person."

    The solution seems simple enough. Disallow access to unapproved destinations, especially from the computers that are networked to patient records!


    ../|ug

    --- OpenXP 5.0.43
    * Origin: (2:221/1.58)
  • From Phil Taylor@1:275/201.30 to August Abolins on Tue Feb 9 21:18:25 2021
    On Thu 7-May-2020 21:04 , August Abolins@2:221/1.58 said to Mike Powell:

    ** On Thursday 07.05.20 - 16:58, Mike Powell wrote to AUGUST ABOLINS:

    Eg. People at work don't need to access Facebook or expose company
    computers to malicious site

    Well... where I work, we have people whose job it is to locate
    persons.
    One of the sources they use is Facebook. For whatever reason, a lot
    of
    less than intelligent crooks will try to send us false contact data
    but
    then post all about themselves on social media. :)

    OK.. I see the relevance for collection agencies especially when needing

    One reason why I do not use social sites because they seem to be getting hacked. Take a look this https://www.bbc.com/news/technology-51424352#:~:text=Facebook%27s%20social%20m Twiter got hacked.

    to locate persons. But even then, it would be wise to isolate work terminals for internet searches from the internal network used for accessing company accounts.

    Where I work you can only got to sites on the internet if it's for official business.

    But I was thinking of places like hospitals and medical centers. In October last year a large medical center with offices all over the province/country was struck with a security breach. Then, a month later it was announced that is was ransomware. This was clearly activated by clicking on a false link.

    https://www.cpomagazine.com/cyber-security/lifelabs-data-breach-the- largest-ever-in-canada-may-cost-the-company-over-1-billion-in-class- action-lawsuit/

    To bad they do not have a methode to check the site to see if it's a security risk and block it before the user connects to it. Where I work they have security software that does it.


    --- CNet/5
    * Origin: 1:275/201.0 (1:275/201.30)