This keeps happening and has been happening for several years now; why isn’t more being done to improve security and find the criminals? I can’t walk into a hospital with so much as a pocket knife because of physical security concerns, but cybercriminals keep taking down a new system seemingly every week, and this article says the software used has been seen for years now.
I work in I.T. for a healthcare company. Ascension is a pretty large one. The bigger a company gets and the faster it grows, the more it takes on a diversity of varying technologies that all need to be managed, migrated, killed off, merged, hardened, etc. It’s a difficult job especially for healthcare. I know that the company I work for is working very hard to keep up with things, but it’s a logistical nightmare. You MUST have very smart people in charge that have the right priorities. You have to have information channels open to make sure administration knows what the potential issues are. Compartmentalization of information and access. There are so many potential points of failure it’s insane. And then there’s the most important thing of all: making sure all employees are educated enough that they don’t let their credentials get compromised.
Things are getting worse in general because of how hard it is to stay on top of everything nowadays. I just recently got a couple of letters in the mail about my info being leaked by some companies that had my info. I just have to do my part to stay on top of my own responsibilities, watch my own identity and finances, and make sure those around me are being secure, as well. Everybody needs to know how important this is, and many do, but I don’t think enough people really understand or make it a priority.
HHS is instituting new rules for healthcare (and other industries) to help track and respond to these things. The government is getting very involved with this now. I hope it helps.
I’m in IT in a healthcare-adjacent sector. Never underestimate the motivation or tenacity of foreign state actors, organized crime and chaotic neutral hacking collectives. You have limited time and budget, and both financial and risk based approval processes to deal with. They have time, ideology¹, and financial incentives.
You can’t win in the face of that.
¹ sometimes it’s hacking for hackings sake, but more typically it’s to disrupt critical services and extort modest capital to go away. Rinse, repeat, make that bank on volume.
If a hospital can’t operate because some asshole was able to remotely hack it bad enough to basically shut it down, we might need to rethink how things are run.
This also doesn’t just happen and is apparent. They probably spent way too much time trying to fix the problem before diverting to older ways while the problem is being diagnosed and fixed.
Some hospital networks just continue to operate slower to the detriment of their patients and just lie to everyone so that nobody finds out they were hacked.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !technology@lemmy.world
This is a most excellent place for technology news and articles.
This keeps happening and has been happening for several years now; why isn’t more being done to improve security and find the criminals? I can’t walk into a hospital with so much as a pocket knife because of physical security concerns, but cybercriminals keep taking down a new system seemingly every week, and this article says the software used has been seen for years now.
I work in I.T. for a healthcare company. Ascension is a pretty large one. The bigger a company gets and the faster it grows, the more it takes on a diversity of varying technologies that all need to be managed, migrated, killed off, merged, hardened, etc. It’s a difficult job especially for healthcare. I know that the company I work for is working very hard to keep up with things, but it’s a logistical nightmare. You MUST have very smart people in charge that have the right priorities. You have to have information channels open to make sure administration knows what the potential issues are. Compartmentalization of information and access. There are so many potential points of failure it’s insane. And then there’s the most important thing of all: making sure all employees are educated enough that they don’t let their credentials get compromised.
Things are getting worse in general because of how hard it is to stay on top of everything nowadays. I just recently got a couple of letters in the mail about my info being leaked by some companies that had my info. I just have to do my part to stay on top of my own responsibilities, watch my own identity and finances, and make sure those around me are being secure, as well. Everybody needs to know how important this is, and many do, but I don’t think enough people really understand or make it a priority.
HHS is instituting new rules for healthcare (and other industries) to help track and respond to these things. The government is getting very involved with this now. I hope it helps.
I’m in IT in a healthcare-adjacent sector. Never underestimate the motivation or tenacity of foreign state actors, organized crime and chaotic neutral hacking collectives. You have limited time and budget, and both financial and risk based approval processes to deal with. They have time, ideology¹, and financial incentives.
You can’t win in the face of that.
¹ sometimes it’s hacking for hackings sake, but more typically it’s to disrupt critical services and extort modest capital to go away. Rinse, repeat, make that bank on volume.
If a hospital can’t operate because some asshole was able to remotely hack it bad enough to basically shut it down, we might need to rethink how things are run.
They can operate, just slower. Life threatening gets priority, the rest are diverted to nearby hospitals.
Think of when your gps shuts down. You can navigate by paper map, just slower and you need to pay more attention to avoid mistakes.
This also doesn’t just happen and is apparent. They probably spent way too much time trying to fix the problem before diverting to older ways while the problem is being diagnosed and fixed.
Some hospital networks just continue to operate slower to the detriment of their patients and just lie to everyone so that nobody finds out they were hacked.