Local hospital loses computer system to ransomware.

ManitouDan

New member
Dec 7, 2006
20,074
32,442
0
At least it appears that way tonight, last Thursday at 12:00am the system was hacked and the hospital can't get back online. They operate 8-9 satellite clinics throughout So Ohio and 1-2 in Ky. They diverted ambulances from their ER for several days, can't do same day surgeries, can't access old records. It's a terrible mess. They are still down as of tonight, they used Meditek or Meditech (sp?). I've never known a company get hacked like this.
 

LineSkiCat14

Well-known member
Aug 5, 2015
37,307
57,135
113
This sort of thing has been happening more and more.. but to companies that aren't doing AS important and life-threatening work as hospitals/medical. Diverting ambulances is scary ****.

Upgrade all your systems and apps when you can, and keep things up to date.. Create unique passphrases that are complex to brute force, but something you can remember and that you won't resort to writing it down... don't use outdated technology..

A lot of these attacks can be avoided if our IT and Security teams are competent, trained and funded. I know first hand all too well. You can Google some good case studies on how companies like SolarWinds messed up. Gotta start taking this stuff seriously.
 

Get Buckets

Well-known member
Nov 4, 2007
4,534
3,358
92
At least it appears that way tonight, last Thursday at 12:00am the system was hacked and the hospital can't get back online. They operate 8-9 satellite clinics throughout So Ohio and 1-2 in Ky. They diverted ambulances from their ER for several days, can't do same day surgeries, can't access old records. It's a terrible mess. They are still down as of tonight, they used Meditek or Meditech (sp?). I've never known a company get hacked like this.
Which hospital?
 

80 Proof

Well-known member
Jan 3, 2003
64,598
51,208
113
This sort of thing has been happening more and more.. but to companies that aren't doing AS important and life-threatening work as hospitals/medical. Diverting ambulances is scary ****.

Upgrade all your systems and apps when you can, and keep things up to date.. Create unique passphrases that are complex to brute force, but something you can remember and that you won't resort to writing it down... don't use outdated technology..

A lot of these attacks can be avoided if our IT and Security teams are competent, trained and funded. I know first hand all too well. You can Google some good case studies on how companies like SolarWinds messed up. Gotta start taking this stuff seriously.
Password requirements aggravate me.

One wants a capital letter, number, and must be 8 characters long. Another must have a symbol, be 12 characters, and no numbers. Then the next will want a capital letter, a number, and no symbols. Of course none of them will let you use a previous password.

I've got so many passwords I can't keep up with which ones go to which site. Then I have to reset it to log in, and go through several options before finding one that meets the criteria. By the next time I go to log in, I've forgotten it because I didn't realize which requirements this particular site has for their passwords.

I know they are needed, and too many people use stupid **** like their name or address, but there has to be a better way to do it.
 

ManitouDan

New member
Dec 7, 2006
20,074
32,442
0
They have clinics spread across 6-7 counties or more. Several satellite locations easily offering health care to over 100K people. Easily. All connected to the main, all down. It's a serious issue affecting 10s of thousands of people and their current/past health care.
 
Mar 13, 2004
14,745
12,925
0
Password requirements aggravate me.

One wants a capital letter, number, and must be 8 characters long. Another must have a symbol, be 12 characters, and no numbers. Then the next will want a capital letter, a number, and no symbols. Of course none of them will let you use a previous password.

I've got so many passwords I can't keep up with which ones go to which site. Then I have to reset it to log in, and go through several options before finding one that meets the criteria. By the next time I go to log in, I've forgotten it because I didn't realize which requirements this particular site has for their passwords.

I know they are needed, and too many people use stupid **** like their name or address, but there has to be a better way to do it.
We need to get away from all the different "capital/lower/number/symbol/only these symbols" requirements and just make the length of passwords longer. Basically, instead of a password you have a pass phrase. First time I read about this idea was on XKCD. Make a minimum of like 20 characters, no restrictions on what must be included. Ban common known phrases. Problem is that you probably don't ban an exhaustive list of known phrases that people could use as possibilities to crack a pass phrase, so there'd be a place to start there. Works best if you pick a nonsense phrase like the example in the comic, but you then again have to trust the user to not make it "four score and seven years ago."
 

chroix

New member
Jul 22, 2013
10,018
25,203
0
If you lived in Russia, China, North Korea or Iran why would you not try to be a hacker? All you’ve got to do is kick back the appropriate “authority” and you’re set. No repercussions. No penalties.
 

CrittendenWildcat

Well-known member
Nov 28, 2003
12,023
12,437
113
This sort of thing has been happening more and more.. but to companies that aren't doing AS important and life-threatening work as hospitals/medical. Diverting ambulances is scary ****.

Upgrade all your systems and apps when you can, and keep things up to date.. Create unique passphrases that are complex to brute force, but something you can remember and that you won't resort to writing it down... don't use outdated technology..

A lot of these attacks can be avoided if our IT and Security teams are competent, trained and funded. I know first hand all too well. You can Google some good case studies on how companies like SolarWinds messed up. Gotta start taking this stuff seriously.
As the old adage goes, the only time you truly know you didn't spend enough on IT/InfoSec is when you are hacked.

The biggest problem I see is that every organization is only as strong as its weakest link. We all know co-workers who will absolutely click on anything and enter their credentials into any online form without giving it a second thought. So, no matter how aware and proactive you and I are, we are all farked because John in accounting is an absolute idiot.
 

LineSkiCat14

Well-known member
Aug 5, 2015
37,307
57,135
113
Password requirements aggravate me.

One wants a capital letter, number, and must be 8 characters long. Another must have a symbol, be 12 characters, and no numbers. Then the next will want a capital letter, a number, and no symbols. Of course none of them will let you use a previous password.

I've got so many passwords I can't keep up with which ones go to which site. Then I have to reset it to log in, and go through several options before finding one that meets the criteria. By the next time I go to log in, I've forgotten it because I didn't realize which requirements this particular site has for their passwords.

I know they are needed, and too many people use stupid **** like their name or address, but there has to be a better way to do it.

It is annoying.. it's especially annoying when some of these apps DON'T want certain characters, so you have to reduce what you've been used to using.. but every day, these companies are making you use complex passwords and it's only gonna be more prevalent.

You can use something like Evernote or a password program, but if those ever get compromised... oof.

What I would do is start using a passphrase.. say you love the movie Tombstone and you're also a Rolling Stones fan.. your pw could be "R0lliNgT0mbStone86!"

Make it as complex with caps and symbols as you want.. but the point is that it has length AND you can remember it. Once you type that in for a month and on a regular basis it will stick in your head. It's better than something that's just random, which you won't remember as easily, and therefore you will write it down. Use the above password for all your stuff and it should be fine for all but the stingiest apps.
 
Apr 13, 2002
44,001
97,143
0
March 2020, right before COVID, UKHC got hacked by Bitcoin miners. Luckily all they wanted was the Citrix servers to mine coins. No patient data was lost or accessed. Could have been MUCH worse, especially during the beginning of this awful pandemic.

Happened to another large medical group in KY a few years ago. Don't think it ever made the news.

Right now companies are fighting it with insurance, personnel, and additional compliance training. Interesting to see where the breaking point is, but we are yet to reach it.
 
Mar 13, 2004
14,745
12,925
0
It is annoying.. it's especially annoying when some of these apps DON'T want certain characters, so you have to reduce what you've been used to using.. but every day, these companies are making you use complex passwords and it's only gonna be more prevalent.

You can use something like Evernote or a password program, but if those ever get compromised... oof.

What I would do is start using a passphrase.. say you love the movie Tombstone and you're also a Rolling Stones fan.. your pw could be "R0lliNgT0mbStone86!"

Make it as complex with caps and symbols as you want.. but the point is that it has length AND you can remember it. Once you type that in for a month and on a regular basis it will stick in your head. It's better than something that's just random, which you won't remember as easily, and therefore you will write it down. Use the above password for all your stuff and it should be fine for all but the stingiest apps.
Pretty much what I've said (and similar to what I've used, though for low-risk things like logging in here I use a very old and very basic password), though of course it's recommended that you use a unique password for every site (I don't, but each bank/financial login is a unique password, they just all follow a theme).
 

LineSkiCat14

Well-known member
Aug 5, 2015
37,307
57,135
113
Pretty much what I've said (and similar to what I've used, though for low-risk things like logging in here I use a very old and very basic password), though of course it's recommended that you use a unique password for every site (I don't, but each bank/financial login is a unique password, they just all follow a theme).

So what I do for that, and it's not perfect.. but I add the initials of the platform to the password. So for Bank Of America, I add "BA" to the end. Sure, not much more complex.. But with the right length, at least it won't be susceptible to brute force, and it's different enough if the prefix password somehow got compromised, they still wouldn't be able to get into things as easily.
 

CrittendenWildcat

Well-known member
Nov 28, 2003
12,023
12,437
113
I have a base part of the password that I combine with something related to the entity for which I am making the password. So let's say the base part is my address growing up: 6095Elm (made up), and I am purchasing a Logitech keyboard and mouse from Staples, I would make my password for the account I create at Staples Logitech!6095Elm (throwing in the exclamation point for good measure). If I forget, I look back in my e-mails and remember what I purchased before to help jog my memory.

I would not use the same password for multiple accounts, make every password unique. I've had 10-15 accounts that were part of data breaches over the years, so that password I used to use for everything before wising up has been floating around for decades. And you know the next data breach is just a matter of time, so you will get in trouble eventually using the same password for everything.

Also, the risk of writing down your password and keeping it in a secure place is pretty minimal, but my advice would be to NOT store such info in any electronic medium.
 

BankerCat12

Well-known member
Sep 21, 2012
5,918
9,581
113
So what I do for that, and it's not perfect.. but I add the initials of the platform to the password. So for Bank Of America, I add "BA" to the end. Sure, not much more complex.. But with the right length, at least it won't be susceptible to brute force, and it's different enough if the prefix password somehow got compromised, they still wouldn't be able to get into things as easily.
What do you put before the BA? I promise I won't search sites
 
May 6, 2002
30,804
31,517
0
I know it would be a pain but maybe certain industries shouldn't have their whole system networked. Just have it localized and send in updates next day air to a centralized system. What else can you do unless you hire hackers to work for you to protect your system? It seems like the hackers are always better at this than the security professionals that are against them.
 

LineSkiCat14

Well-known member
Aug 5, 2015
37,307
57,135
113
I know it would be a pain but maybe certain industries shouldn't have their whole system networked. Just have it localized and send in updates next day air to a centralized system. What else can you do unless you hire hackers to work for you to protect your system? It seems like the hackers are always better at this than the security professionals that are against them.


I think companies of all types and sizes are starting to take this more seriously. The last 3 companies I worked for, all grew their Security and compliance departments fairly substantially.. 2 of those departments saw greater growth than IT itself (although there's admittedly some crossover between).

I think these hacks have been eye-opening for execs. They can literally cripple a company. Just one guy. From his living room. So actions are being taken to curb this.. from more mandatory employee training, to bolstering these departments, to spending on the right technology.

In the last 3 years at my company, I've spent much of my time doing work to help mitigate the risks and harden systems. I feel substantially more confident in these systems than I did at my last few places where we were only STARTING to take it seriously (and myself taking it more seriously, admittedly). And those small but effective things I mentioned in my first post, go a real long way in stopping attackers.

As for the next-day air thing.. it would be costly for shipping, and you'd need some sort of IT professional (or at least data entry person) at all locations. I don't see us ever going backwards from how much we're interconnected over copper and fiber. Just have to harden the systems that receive and encrypt the channels we send on. So many of the attacks we see are just pure negligence and laziness. For example, I keep our Exchange Email servers running on a versioning system that's "N-1" which means "the current version or the most previous stable version".. So I basically keep my boxes about as up to date as possible... I've seen far too many examples of people who are 10-15-20 versions old, admins who don't even do regular patches. That's just a total no-no. But it's stuff like this that's getting fixed.
 

TortElvisII

Active member
May 7, 2010
51,232
96,195
66
I would be in for public floggings along with prison time once these people are caught. Then a flogging once every quarter in prison until time served. Would definitely deter future hackings.
It's like that football player in that video beating up his ex-girlfriend. I sentence you to three rounds with Tyson Fury.
 