One of the local hospitals had no access to medical records, surgeries had to be postponed. Today it is pharmacies which affects the ability of the public to get need medications. It took one hospital weeks to get back online. The FBI is pretty good at chasing windmills and apparently pretty poor at stopping cybercrime. Any ideas?

^^^^^^^^^^^^
Well who does?

The FBI is nothing more than the Gestapo/SS weaponized to destroy conservative political opponents. Nothing more.

quote:

Insulting someone for not being able to predict and stop a cybercrime attack, given the nature of cybercrime, is like me insulting you for not being able to time travel

^^^^^^^^^^^^
Huh? I guess you do not believe in prevention? I do not believe I insulted you. Bad day??

The reality is you can't stop hacking, any more than you can stop any other crime.

Even if we send the FBI to invade our enemies, Russia, Iran, North Korea, and China, and send an army of agents around the world to get the hackers for profit, this is not going away anytime soon.

They do have some guys around the world by it will never be enough.

Picture a wall.
Now this wall is covered with tens of thousands of ants all crawling around looking for a tiny ant size hole to get in from. They are crawling around 24/7/365. looking for that one tiny hole.

They never rest, they never stop, and if a few get killed off others take their place.

You just make one mistake, or make none but a vulnerability shows up that is not your fault.

In rush the ants.

This is the world of cyber security.

^^^^^^^^^^
Thank you for your response. Makes sense now

Companies are responsible for their own perimeter. There are tools and systems that can be deployed along with proper training for personnel.

A companies defenses are only as strong as their weakest link.

Everyone should leverage all the tools at their disposal and take a layer approach to security.

I don't know how long ago but a hospital fell victim to a ransomware attack that locked access to their system until they paid the ransom. I don't remember reading the outcome.

Good analogy.

My problem is when IT / Business go cheap with a chain link or picket fence when a brick wall is available. Or when there are known holes in the pre-fab brick walls that they don't quickly and proactively patch. Or when they just do the bare minimum and don't test for vulnerabilities.

Businesses seem to be going the cheap routes and then mea culpa with monitoring when they get breached.

Getting tired of the word games - 'we value your privacy' bullshit but don't try their best to actually protect it. If they have level 10 security and get breached, fine. That's life. But if they only do level 5 security and get breached, fired.

quote:

They never rest, they never stop, and if a few get killed off others take their place.

You just make one mistake, or make none but a vulnerability shows up that is not your fault.

Kyle Reece, 1984

What is the job of a government? To protect its citizens from attacks from foreign adversaries? To say businesses should bear the brunt of state sponsored attacks is moronic.

quote:

Originally posted by OttoSig:
The FBI doesn’t stop this type of cyber crime.

I have first hand knowledge of some of the excellent work the FBI does in this area, for healthcare entities and others within critical infrastructure.

What is your problem, OttoSig? Are you here to defend the Goddamned government? Are you here to police the language of others?

COOL IT

quote:

Originally posted by r0gue:

quote:

Originally posted by OttoSig:
The FBI doesn’t stop this type of cyber crime.

I have first hand knowledge of some of the excellent work the FBI does in this area, for healthcare entities and others within critical infrastructure.

I didn’t say they don’t have a part. I work directly with them also. Their main job is not to prevent foreign adversaries in the cyber crime arena. That falls to other agencies.

But, as has happened before, the ability to complain seems more important the ability to be right.

Yall enjoy. I’m outta here.

quote:

Originally posted by ZSMICHAEL:
The FBI is pretty good at chasing windmills and apparently pretty poor at stopping cybercrime.

There's really not much the FBI or any government agency can do to stop cybercrime, any more than they can stop bank robberies or your local law enforcement agency can prevent carjackings.

You know the old "Only you can prevent forest fires?" Same thing: Only you can prevent cybercrime.

quote:

Originally posted by ZSMICHAEL:
Any ideas?

Yes. This could be almost entirely eliminated if these companies weren't operating sensitive systems connected to LANs that are connected to the Internet.

But that would be expensive and inconvenient.

The next best thing they could do is choose more robust systems, better-configured, and better-administered, along with more robust border security.

That, likewise, would be expensive and, robust border security along with competent admins would also result in inconvenience when some PHB wanted an admin to drill a hole through border security for the latest whiz-bang gotta-have-it technological business marvel and the admin replied "Nope. Ain't gonna do it."

So, instead, they bumble-along kinda half-assed and this is what we get.

You may or may not believe this, but I "came of age" on the Internet when it was still quite new. Back then it was a kinder, gentler Internet. Nonetheless: My colleagues and I had a "take no prisoners" attitude about network security. The border security stance was "That which is not explicitly allowed is denied," and we allowed damn little. Slowly but surely we were obliged to abandon that for the sake of business convenience. We saw what's happening now coming a long way off. Some, rather than trying to continue to fight the good fight, left the field.

I stuck it out, kept fighting the fight, out of sheer bloody-minded determination, but I'm happy to be retired.

Baptist/Integris here in OKC got hit hard by that about 3 months ago.

Over 2 Million people/files were accessed. 2 flippin' million.

I'm especially pissed about this because when you go into one of the Baptist/Integris facilities they require a copy of drivers license and a whole lot of other data for the "purpose of data security". Bullshit!

I was in to see one of my Doctors 2 weeks ago. Another scan of my drivers license was demanded or they said I can't proceed. Flippin' bullshit! There are already plans among various law firms for class action lawsuits.

Baptist/Integris got the demand from the criminals to pay ransom, and many individuals received emails from the criminals stating if the individuals would pay them $50.00 they could get their medical files released to them or deleted from the original data snatch.

"Integris Health Confirms 2.39 Million Individuals Affected by Cyberattack
Posted By Steve Alder on Feb 13, 2024

Integris Health has completed the review of the files that were accessed/stolen in its November 2023 cyberattack and has reported the incident to the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) as affecting 2,385,646 individuals. The breach notices explain that the information stolen in the cyberattack varies from individual to individual and includes names in combination with one or more of the following: date of birth, contact information, demographic information, and/or Social Security number. Integris Health’s investigation confirmed that employment information, driver’s licenses, financial/payment information, and usernames/passwords were not accessed or stolen. Integris Health said it has reviewed and enhanced existing policies and procedures to reduce the likelihood of a similar future incident.

The lawsuits against Integris Health are mounting. One of the latest, Johnston v. Integris Health Inc., was filed in the U.S. District Court for the Western District of Oklahoma and names Teresa Johnson as lead plaintiff. The lawsuit alleges negligence for failing to implement reasonable and appropriate safeguards and seeks compensatory damages, punitive damages, nominal damages, restitution, injunctive and declaratory relief, and attorney fees and costs. The class action lawsuits make similar claims and and are based on the same facts, so they are likely to be consolidated into a single lawsuit."


You can click here for more of the article. LINK HERE this is just one of many articles about the situation.

Here is a NonDoc article LINK This one is an eye-opener.

To me, it seems to me that it's more important to pay CEO's and such people HUGE amounts of money and NOT to invest in more robust safety and security.

"They breached in November, the bad guys let me know in December, and I don’t hear anything from INTEGRIS until the start of the new year?” the man told NonDoc on the condition of anonymity. “It appears to me that INTEGRIS couldn’t organize a two-car funeral.”
.

quote:

Originally posted by OttoSig:
But, as has happened before, the ability to complain seems more important the ability to be right.

It's not your Goddamned place to say, about who here complains or doesn't complain, or how they complain, about whatever.

Every person- EVERY PERSON- who has read this board for any length of time, be they member or no, has come across things being said by others, that they don't like. Get it? Everyone.

If you wish to take exception to things being said, then state your case, but let me tell you- if you think it is your place in this forum to defend the monolithic government of the United States, your are way out of line.

You don't insult the members of this forum like that. You don't call them morons, and you damn sure don't make blanket statements condemning the tenor of this forum or the behavior of its members. I will not tolerate that. Never have, never will.

Get your Goddamned panties unbunched.

And I see you've come back in here and deleted your posts like a petulant child, and the result is that it makes members look like fools, talking to no one.

You get your shit together and you GROW UP!!!

It was a breach at a vendor that provides software systems for companies in all areas of healthcare: hospitals, pharmacies, etc. It was huge and even if a hospital or other business didn’t use the directly affected software, everyone that used this particular vendor was scrambling to lock down their networks. It caused mayhem all week and in certain sectors it’s still not 100% resolved. Can’t say more.

The same day that ATT got blasted , there were attacks on health care networks , and even one State agency here . I mentioned this on a certain oil forum and one of the Admins that happens to work for ATT got so pissed off that he banned me .Claimed that it was " conspiracy blather " . My source was solid but he got his feelings hurt when he put words in my mouth and I called him out on it .
There was a lot of unusual hacking attempts that day . More than the normal probing .