Hacked hospital chain says all 250 US facilities affected(bleepingcomputer.com)
bleepingcomputer.com
Hacked hospital chain says all 250 US facilities affected
https://www.bleepingcomputer.com/news/security/uhs-hospitals-hit-by-reported-country-wide-ryuk-ransomware-attack/
34 comments
The article says "No patient or employee data appears to have been accessed, copied or otherwise compromised.". And yet the attack seems too have potentially attacked every computer in the health service. If they don't have patient or employee data on them, what do they use their computers for? Playing Tetris?
Disclaimer: I don't know how this specific chain does their security/it.
There are many ways the endpoints can be owned but not the data. One option common in healthcare is that the computers are dumb terminals for sessions on a remote server. Another is that to access the data you have to authenticate with a physical smart card.
As long as it's confirmed that the ransomware only attacked the endpoints and no active data exfil was attempted (or hasn't succeeded), the statement may be completely true.
There are many ways the endpoints can be owned but not the data. One option common in healthcare is that the computers are dumb terminals for sessions on a remote server. Another is that to access the data you have to authenticate with a physical smart card.
As long as it's confirmed that the ransomware only attacked the endpoints and no active data exfil was attempted (or hasn't succeeded), the statement may be completely true.
Starting to look like a pattern, this is several major companies getting ransomed in the last month. Probably organized crime. Ransoming a hospital is especially egregious, so I hope the perpetrators are caught.
Oh yeah, definitely that big bad organized crime. Evil people just being evil because they are evil, probably cackling right now, too.
Or maybe it's a moderately-skilled person in an underdeveloped country, who, despite being moderately skilled, has no legitimate opportunities. Maybe the person responsible even has mixed feelings about it. Who knows?
That poor US hospital, I'm sure it is a bastion of fairness and equality for all. I'm sure this wasn't facilitated by their own greed and negligence.
Save your pearl clutching for nextdoor. Here we like to understand the factors that lead to a particular outcome, rather than moralizing hysteria.
Or maybe it's a moderately-skilled person in an underdeveloped country, who, despite being moderately skilled, has no legitimate opportunities. Maybe the person responsible even has mixed feelings about it. Who knows?
That poor US hospital, I'm sure it is a bastion of fairness and equality for all. I'm sure this wasn't facilitated by their own greed and negligence.
Save your pearl clutching for nextdoor. Here we like to understand the factors that lead to a particular outcome, rather than moralizing hysteria.
Hysteria? Pearl clutching? What are you talking about? Get a grip.
When hospitals can’t access their information, people die. Some crimes are victimless; this isn’t. Actual innocent people are going to be harmed. Good grief. Get your priorities straight and stop trying to start flame wars.
When hospitals can’t access their information, people die. Some crimes are victimless; this isn’t. Actual innocent people are going to be harmed. Good grief. Get your priorities straight and stop trying to start flame wars.
I find the name Universal Health Services remarkably amusing for a private healthcare enterprise.
A friend points out that housing developments are often named after what they destroyed to put it there. "Shady Creek", "Deer Run", "Pleasantview"...
[deleted]
Nice burn. Indeed - the existence of private for profit healthcare creates incentives for sabotaging universal healthcare.
patriot act
Name for the business you want rather than the customer base you have.
edit: apologies for the jokey answer but it's a serious point. I don't think it's an ironic name for a private company at all. If I'm selling healthcare services of course I want 100% of people buying them from me, ideally with the only competition being my subsidiaries.
edit: apologies for the jokey answer but it's a serious point. I don't think it's an ironic name for a private company at all. If I'm selling healthcare services of course I want 100% of people buying them from me, ideally with the only competition being my subsidiaries.
They can always hope for the sweetheart public private partnership if we ever get universal health care
How so? "Universal healthcare" just mean everybody has healthcare. It doesn't mean it has to be provided by, or be paid for by the government. Several European countries (eg. Germany, Switzerland, Netherlands) all have universal healthcare that's at least somewhat privately funded.
Because universal healthcare is not a thing in the US, and this article is specifically referencing US hospitals.
The original comment seems to be referencing the fact that's it's a private enterprise, rather than the lack of universal healthcare in the US.
>[...] for a private healthcare enterprise.
>[...] for a private healthcare enterprise.
It's also about the lack of universal healthcare. It's a private enterprise that does not even aim to provide universal (as in "for everyone") health services.
Does everybody really have healthcare?
Does hacked mean they had their database open to the Internet again?
My understanding is this was a ransomware attack.
Probably someone just looking for how much an xray costs.
Instead got the whole database.
I guess they don't have db snapshots.
Or they don't want private information to be released. However, paying the ransom doesn't guarantee this.
The term "hospital chain" is so strange to me. Like a restaurant chain, but for health care?
It helps stop insurance companies and patients from playing them off eachother on price.
In other words, price fixing but legal.
Every time I see the “ Herfindahl-Hirschman Index” used to justify a merger or acquisition, I cringe.
[deleted]
More details in the Bleeping Computer article: https://www.bleepingcomputer.com/news/security/uhs-hospitals...
Ok, we'll change to that from https://apnews.com/article/virus-outbreak-malware-software-1.... Thanks!
What's up with the last few paragraphs of the article? Seems like a very awkwardly planted marketing blurb for Emsisoft.
because it is
also the linked article doesn't say anything about 250 facilities
think they intended to link this article: https://abcnews.go.com/Health/wireStory/hacked-hospital-chai...
also the linked article doesn't say anything about 250 facilities
think they intended to link this article: https://abcnews.go.com/Health/wireStory/hacked-hospital-chai...