[Dshield] got one
p.pe at btopenworld.com
Wed Feb 15 10:59:57 GMT 2006
Chris Wright wrote:
> Actually, you are not wrong there...
> The NHS in the UK has recently been installing site wide network access on
> most wards and offices to allow staff to access patient records/ patient
> care charts etc etc.(well, they've been trying to implement the scheme for
> ages and it is way way over budget).
> Nearly every machine has internet access and get this, on the ward where my
> wife worked, every single machine was infected with countless bots trojans
> and viri.
> And it was not an isolated incident.
> I wrote several times to the IT Admin at the hospital concerned and he
> stated that it was impossible. He backed down when I showed him the
> machines I was refferring too after he arranged to meet me for lunch one day
> (amazing what the threat of going to the local press did).
> They were installed by a 3rd party contractor who obviously bid the lowest
> price and installed no HW/SW protection whatsoever.
> Most of the staff would not use the computers because they were slow,
> (because of the amount of junk that was running on them).
> She left a few months back and I never did get to find out how they or if
> they solved it.
> I for one would not trust having my personal information on an NHS based IT
> system in any hospital.
> Especially with the idea of the network to allow all any NHS location to
> access data anywhere in the NHS system.
> It was downright outrageous. And when I say the lowest bidder won, I doubt
> it when you see how much money was being spent to roll out the new network.
> (I can't remember offhand the name of the system, but it was being pushed by
> Tony Blair as one of the success stories of the NHS modernisation).
> Every GP (Family Doctor) also had terminals in their practices that had
> access to the NHS system and no doubt these were as insecure as the ones in
> the hospital. They simply connected via ADSL or Cable access to the same
> I don't imagine it to be the case in every hospital, since that would be
> just downright unbelievable, but the North Hants Hospital in Basingstoke was
> amazingly lax when it came to network security.
>>From: list-bounces at lists.dshield.org
>>[mailto:list-bounces at lists.dshield.org] On Behalf Of
>>Sent: 14 February 2006 03:58
>>To: General DShield Discussion List
>>Subject: Re: [Dshield] got one
>>Hmm, here is a thought. How about we take a step back and
>>look at the IT security that was in place for a hospital? I
>>might understand if the hospital was specifically targeted by
>>the hacker, but a random net worm making its way into the
>>computers of an ICU? All the hospitals I know only offer
>>limited internet in the administrative/doctor offices and
>>completely remove access on the floors (for this exact
>>reason). I think the real question here is how could this
>>have happened in the first place?
>>Computer and Communication Services Department Milwaukee
>>School of Engineering
>>MSCE: Messaging & Security 2003
>>>From: list-bounces at lists.dshield.org [mailto:list-
>>>bounces at lists.dshield.org] On Behalf Of Mike Trahar
>>>Sent: Monday, February 13, 2006 3:06 PM
>>>To: list at lists.dshield.org
>>>Subject: [Dshield] got one
>>>has anyone seen this?
>>>I hope they hang them.
>>>Learn about Intrusion Detection in Depth from the comfort
>>of your own
>>>send all posts to list at lists.dshield.org To change your
>>>options (or unsubscribe), see:
>>Learn about Intrusion Detection in Depth from the comfort of
>>your own couch:
>>send all posts to list at lists.dshield.org To change your
>>subscription options (or unsubscribe), see:
> Learn about Intrusion Detection in Depth from the comfort of your own couch:
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
What's more important is access levels. Our local NHS trust even give
access to the cleaning staff through terminals within the group
/Nation wide database, your personal records are not safe from any Tom,
Dick or Harry with intent to pry.
More information about the list