Couldnt tell by my activist RT TikToker friend. I finally had to snooze her for 30 days.The ISDH website posts the data. Hospitalizations are back to what they were in the early spring of 2020. They are half of what they were at the height of this.
What is a foolproof backup plan?That is a very funny joke!
Back to the subject though...
How is it that hospitals cannot have an IT program that includes a fool proof backup plan?
This **** would come to a screeching halt with some well planned, well coordinated, well executed violence.
I was thinking more like a JDAM in their living room. Sure there are Hellfire Missiles and Small Diameter Bombs, but I'm old-school. Before you say anything, the JDAM is almost 30 years old.They would comment, in return, that our well planned, well coordinated violence would come to a screeching halt with just a pinch of their **** dusted on the street in front of our metaphorical bro dozers……
And they would be correct.
Money. Period.That is a very funny joke!
Back to the subject though...
How is it that hospitals cannot have an IT program that includes a fool proof backup plan?
I'm retired from IT and one of the reasons that pushed me out was lack of support from management. They wanted a backup/contingency plan that covered about 9 TB of data distributed across multiple sites in the US, China and India and it has to cost less that $100,000. I'm too old for that crap.So true. You try to stop it, but you better have a good plan in place to recover if/when it does.
I'm so close to retiring full time I can smell it....can't wait.I'm retired for IT and one of the reasons that pushed me out was lack of support from management. They wanted a backup/contingency plan that covered about 9 TB of data distributed across multiple sites in the US, China and India and it has to cost less that $100,000. I'm too old for that ****.
Good for you buddy. I hope to join you in 2 years if I can even hold out that long...I'm so close to retiring full time I can smell it....can't wait.
Thankfully my company now realizes they have to spend money to try to protect things. I guess the headlines over the last year woke them up.I'm retired from IT and one of the reasons that pushed me out was lack of support from management. They wanted a backup/contingency plan that covered about 9 TB of data distributed across multiple sites in the US, China and India and it has to cost less that $100,000. I'm too old for that crap.
If you're not worried about being impacted by these kinds of attacks, you're not paying enough attention.
If an actual expert has suggestions, I'm all ears...
Punishment? I'd say let's start at attempted murder charges for every person put on danger in the hospital.1's-0's from anywhere in the world from a nice, cheap computer is a much bigger threat than space launched, super expensive & complicated EMP or nuclear weapon...
-- But you can't convince the scared bunnies of that.
Water, sewage, electrical grid, natural gas & petroleum pipelines/pumping stations are front line targets, with strategic value...
The strategic planners have recommended power grids go small scale, small grid production (wind & solar) rather than big production plants since the operators of those plants & grids REFUSE to update or protect their networks.
The military has made pretty good strides in that direction, but the US commercial grid has done virtually nothing with the exception of spending money on disinformation campaigns...
It takes real scumbags to ransom a hospital...
I don't even know what a 'Proper' punishment would be.
I use that 'White List' protection, but I have no idea how good it is.
My computer expertise stops at PLC's/logic ladders.
If an actual expert has suggestions, I'm all ears...
No. These attacks rely on stupid people falling for stupid links. Click the link, open the attachment, etc and boom. Anything they have the ability to change gets encrypted. (or the attacker takes control and starts snooping remotely) Its more about giving users too much power/access and lack of security patches.So honest question , would two factor authentication help prevent these kind of attacks? When I was at Indiana University the IT department seemed to be pretty on top of security to my untrained eyes. Every time you logged into the system you needed your usual username and passphrase , then a secondary authentication is sent to an app on your phone or a "token" to login.
I am familiar with the ways in which ransomware attacks compromise data backups (just wait for the system to back up with the Ransomeware on it) then basically controll the entire system.
Second question, since most of these attacks seem to be coming out of Eastern Europe what can we do feasibly to deter these scumbags? I mean seriously I am not a fan of the way America does healthcare but someone has to be a real piece of **** to attack a hospital like that.
That makes a lot of sense to me, seriously thanks for taking the time to explain it.No. These attacks rely on stupid people falling for stupid links. Click the link, open the attachment, etc and boom. Anything they have the ability to change gets encrypted. (or the attacker takes control and starts snooping remotely) Its more about giving users too much power/access and lack of security patches.
But MFA is AWESOME in general. We were getting slammed by password stealer.
User clicks the bogus link to a lookalike O365 site. They input their username and password, giving it to the bad guy.
Bad guy logs into their O365 account from Maldova and then sends a nasty virus, etc to everyone on that persons contact list, as well as harvesting sensitive info from their inbox, notes, Onedrive, etc.
Now that turned that on, The worst that happens is we get a warning that BillyJoeBob failed to sign into his 365 account from a 3rd world country while he's here in Indy. (we then change his password and remind him to pay more attention)
Any time. I HIGHLY Recommend MFA (2FA) for any account that supports it. It used to be that only rich folk or enterprises that could afford expensive RSA key fob systems could do it. Today with smart phone apps and SMS, literally anyone can do it for free.That makes a lot of sense to me, seriously thanks for taking the time to explain it.
Way off base here. PLCs are some of the most vulnerable systems. They may not have been connected to networks 30 years ago, but today they generally are. Welcome to IoT.PLC's in my opinion are pretty safe proves they aren't connected to the network and all firmware upgrades are thoroughly vetted.
I think a typo caused a miscommunication. What I meant to say is they are safe "provided" they aren't connected to the network.Way off base here. PLCs are some of the most vulnerable systems. They may not have been connected to networks 30 years ago, but today they generally are. Welcome to IoT.
Not only are PLCs connected, but their I/O devices are as well. More and more of these things are being connected all the time. Isolating them as much as possible is generally the only option. There are of course business driven issues with that. The first is the desire for access to systems for management/troubleshooting. Another problem is the desire to use analytics with the data that comes from them.
It is a constant battle between access and security.
Speaking of IoT. That has been one of the worst things to happen from a security perspective. More and more devices are put onto networks. Many/most of which have rudimentary security at best, and often never get updated to fix what issues are actually addressed by the manufacturers.