UK Battles Hacking Wave as Ransomware Gang Claims 'Biggest Ever' NHS Breach (techcrunch.com) 26
The U.K.'s largest NHS trust has confirmed it's investigating a ransomware incident as the country's public sector continues to battle a rising wave of cyberattacks. From a report: Barts Health NHS Trust, which runs five London-based hospitals and serves more than 2.5 million patients, was recently added to the dark web leak site of the ALPHV ransomware gang. The gang, also known as BlackCat, says it has stolen 70 terabytes of sensitive data in what it claims is the biggest breach of healthcare data in the United Kingdom. Samples of the allegedly stolen data, seen by TechCrunch, include employee identification documents, including passports and driver licenses, and internal emails labeled "confidential."
When asked by TechCrunch, a Barts Health spokesperson did not dispute that it was affected by a security incident that involved the exfiltration of data, nor did they dispute the legitimacy of the stolen data samples shared by ALPHV. "We are aware of claims of a ransomware attack and are urgently investigating," the spokesperson, who did not provide their name, told TechCrunch.
Had their chance (Score:1)
There was a project that spun up just after WannaCry to bring Linux to the NHS. It was abandoned shortly after, sadly. Hopefully someone tactfully said "told you so" to the upper management.
https://www.nhsbuntu.org/ [nhsbuntu.org]
https://github.com/NHSbuntu/ww... [github.com]
Re: (Score:2)
Fact is, Active Directory is the common component in WannaCry and Petna.
That and Windows caching login tokens. Mimikatz still works.
Changing OS in this case would save the country in repairs and actual life since records are available for clinics.
Re: (Score:1)
Re: (Score:2)
Changing OS in this case would save the country in repairs and actual life since records are available for clinics.
hindsight, 20/20 etc
This happened before, happened now, and will happen again. MS Windows AD made poor design choices, stores login tokens and, shock horror, people get mad when their personal data is lost or stolen.
There's no hindsight to speak of, the more likely reason NHS is stuck on MS Windows is that someone at top-tier management has stock investment in MS. Why else?
Re: (Score:1)
Re: (Score:2)
https://en.wikipedia.org/wiki/... [wikipedia.org]
Once more, it exploited SMB not AD...
Interesting, ISTR it was WannaCry and/or Petna that used the stored token. Or was it WannaMine? Either way, that's still an unpleasant feature.
Because they're a woefully underfunded public service that has literal life or death consequences to fucking up a Windows migration of something like a few million machines, you schizo
Replacing/rebuilding that network is less troublesome somehow?
Is that you billg ? (Score:1)
It's understandable why you would post anonymously
Re: (Score:2)
Not that I'm an expert, but I agree. Some big factors are simply, motivation and criminal mindsets. Meanwhile, most normal people are not operating their systems, developing their code, and practicing care, in all they do, as if they are in a warzone. Many are not that conscientious. And the workplace dilutes consequences. There's a whole wave of "not really bothered" out there. They don't recognise the need to be really careful, whilst criminals push their own talent and aims to get what they want. Who's g
Same Active Directory database for all? (Score:2)
Did they use the same AD database for all the hospitals? I wouldn't be surprised because that's how we got into considerable trouble at work.
Who'd have seen this coming (Score:2)
Re: (Score:3)
Re: (Score:2)
From what I have seen in my previous experience in Health Systems in the UK and Australia, there is a much stricter security and segregation on any system which contains patient information of any kind compared to normal day to day correspondence. The most patient information you would see on a document would be a surname and a URN identifier which will only yield personal info when you have access to the patient systems.
Re: (Score:2)
People copy documents, emails, etc. to shared drives, as evidence, and I'd guess for this amount of data, they accessed backups. NHS does have their own email system (declared safe for patient information) nhs.net which is Exchange based.
If it affected several hospitals, maybe whichever company was providing the backup solution and storage. Just guessing.
Should be illegal (Score:1)
It should be illegal for anyone other than the passport office to store a copy of your passport and it should be illegal for anyone other than the DVLA to store a copy of your driving license etc.
Otherwise this happens and those IDs become more of a liability than a help.
Re: (Score:1)
Re: (Score:2)
OK, since some idiot modded me as troll, let me reiterate: these things do not need to be stored anywhere other than the original govt servers. Passports and driving licenses have unique IDs; those could be non-reversibly hashed and stored as proof that these have been checked, for example for employment laws that require that a person can lawfully work in the country.
If you disagree then don't be a lazy fuck and mod me as troll, instead, explain why these documents need copies stored anywhere other than on t
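The hashed "proof of check" record suggested in the comment above, as an added example that is not part of the original thread. It assumes a secret key held outside the HR database; the function names, record layout and sample document numbers are hypothetical and constructed, and the last function shows why a plain unkeyed hash of a short document number is not actually non-reversible.

```python
import hashlib
import hmac
import secrets
from datetime import date


def normalise(doc_type: str, number: str) -> bytes:
    """Canonical form, so 'ab 123-456' and 'AB123456' yield the same record."""
    cleaned = "".join(ch for ch in number.upper() if ch.isalnum())
    return f"{doc_type.lower()}:{cleaned}".encode()


def check_record(key: bytes, doc_type: str, number: str, checked_on: date) -> dict:
    """What gets stored instead of a scan: a keyed tag plus the check date."""
    tag = hmac.new(key, normalise(doc_type, number), hashlib.sha256).hexdigest()
    return {"doc_type": doc_type.lower(), "tag": tag,
            "checked_on": checked_on.isoformat()}


def matches(key: bytes, record: dict, doc_type: str, number: str) -> bool:
    """Re-verify a presented document against the stored record."""
    expected = hmac.new(key, normalise(doc_type, number), hashlib.sha256).hexdigest()
    return (doc_type.lower() == record["doc_type"]
            and hmac.compare_digest(expected, record["tag"]))


def enumerate_unkeyed(digest_hex: str, doc_type: str, digits: int):
    """Failure mode: an unkeyed SHA-256 of a short numeric ID can be
    recovered by hashing every possible number and comparing."""
    for n in range(10 ** digits):
        candidate = str(n).zfill(digits)
        if hashlib.sha256(normalise(doc_type, candidate)).hexdigest() == digest_hex:
            return candidate
    return None


if __name__ == "__main__":
    key = secrets.token_bytes(32)        # assumption: kept in an HSM or secrets store
    rec = check_record(key, "passport", "0042", date(2023, 7, 1))  # constructed number
    print(rec)
    print(matches(key, rec, "passport", "00 42"))                  # True
    weak = hashlib.sha256(normalise("passport", "0042")).hexdigest()
    print(enumerate_unkeyed(weak, "passport", 4))                  # 0042
```

A leaked table of keyed tags is only as safe as the key, so the key has to live apart from the records it protects.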
Re: (Score:2)
I just go to MI6 and ask them to help me. Then they send 007 to spy for me.