
German Hospital Hacked, Patient Taken to Another City Dies - kerng
https://www.securityweek.com/german-hospital-hacked-patient-taken-another-city-dies
======
ginko
Hospitals are designed to operate without power by adding generators on-site.

Surely there should be some thought put into how to operate a hospital in case
of a network/IT outage.

~~~
curryst
I think there are no plans because the risk the backup procedures create is
high enough to make it more prudent to just shut down.

Miscommunications in hospitals are a significant risk, even with EHR (thus the
original requirements for EHR). If we assume a full IT outage, then EHR is
effectively a non-option. That means we're probably back to using paper.
Except now, no one uses paper outside of emergencies, so the original risk of
miscommunication with paper is now compounded by the lack of familiarity with
it. That problem is going to get worse over time as the medical personnel who
used to work entirely on paper retire and are replaced with younger people who
have never worked on paper outside of emergencies.

Redundant systems are also harder to create for IT outages vs generators.
Generators are simply providing an alternate source of a basic substance. In
IT outages you have to consider supplying alternate sources of substances
(Kubernetes is an example, as it manages many sources of CPU and network) as
well as circumstances where the well of your substance is poisoned (i.e.
someone put an infected file in an S3 bucket, or someone is running SQL
injection attacks). Solving the first problem is easy, with things like high
availability, Kubernetes, etc. The second problem still seems to be an open
question; I've never seen a solution that really addressed it other than to
backup frequently and try to make sure that your time to recovery is low.

I think the more sensible solution is to pursue what we're doing currently,
and change your SLA from "hospital is available to patients" to "medical
service is available to citizens within X minutes". We have redundancy in the
form of multiple hospitals. Each hospital should be as reliable as possible,
but a hospital failing is inevitable under some circumstances. Then we just
need to focus on maximizing the efficiency with which we route patients to
hospitals. The article says it took an hour to make a 20 mile drive. There has
to be a way to improve that

------
pwinnski
Periodic reminder that trolling, griefing, etc, are not always just fun and
games, I guess.

~~~
OneGuy123
To mistake an attack on a hospital with trolling is stupid and can only be
done in bad faith by someone who wishes to censor the internet.

~~~
pwinnski
I'm sorry you got hung up four words into my comment and were so upset you
couldn't continue on to words five and beyond. I am amazed at your ability to
divine, from four words alone, my passionate desire to censor the internet,
whatever that means.

Or, you know, a hack that includes no ransom demand could easily be what is
commonly called "griefing" (word #5), or perhaps something else in a similar
vein, aka "etc" (word #6), and as I said, are _not_ lighthearted fun, despite
being activities often engaged in by people who don't consider the effect of
their actions on others.

It occurs to me now that pretending to deliberately misread my comment as the
opposite of what it actually says is first-class trolling of the fun and games
variety. Well done, you! Odd context, given the severity of the issue at hand,
but carry on.

------
s9w
The patient died because of bad IT. The affected software was citrix I think.

~~~
nickff
No, the hospital was held ransom, and a patient died because of a ruthless
criminal's greed. I understand that there is a desire to improve security, but
it does not mean that 'hackers' are innocent.

~~~
bmn__
No, your parent poster is correct. Blame goes to the negligent persons
responsible for the IT system and everyone else up the chain. They are at
fault for getting in the first place into the situation where the ransom
attack was possible. The state prosecution should have a field day.

To make this crystal clear: they did not patch their software that was already
vulnerable for half a year, and there was no supervision to enforce it getting
done.

------
luckylion
Somebody remind me: why does a hospital need to have their critical
infrastructure interfacing with the public internet?

~~~
freepor
Hospitals need to be connected. They need to send and receive EMRs from other
hospitals. They need to receive security updates for their own software (eg
Windows has a Bluetooth vulnerability... someone could hack from inside).
Medical providers need to look up information and consult doctors in other
areas if a patient is being transferred.

The solution here does not need to be “operate hospitals in digital
isolation.”

~~~
luckylion
I'd argue that hospital computers shouldn't even have Bluetooth, but that
aside, you can still achieve outgoing communication without allowing incoming
communication. Yes, a hacker might break into an office, hold an employee at
gun point and gain access to their account and then move laterally, but that's
a very different threat model than "somebody ran an exploit scanner on the
university's AS and encrypted our servers".

