Saturday, 13 May 2017

NHS held to ransom...


The latest news is full of reports of a massive ransomware attack on the NHS computer systems (and many others as well). Now this is not a new phenomenon; actually, this type of cyber attack has been with us a while. It seems the process itself is quite simple. Due to inadequate safety/security, old software, no backup systems or even plain carelessness, it is too easy to scan a whole range of IP addresses, looking for open gates to walk through (gates=ports). The choice is over 64,000 ports; take your pick.
So, too easy to install a bit of software that encrypts the hard drives and stops access. Hey, I am doing that myself as well! I encrypt my own hard drives! To decrypt you will need a 256-bit password. Now why do businesses and the NHS, which is in charge of some highly sensitive data (medical records), not think more about how they set up systems? Ditch Windows altogether and use Linux? Have proper back-up systems, possibly using NAS (Network Attached Storage). Even a simpleton like myself uses a NAS! Cheap, a few terabytes attached to a router. Cost no more (at least for a single user) than £50 or so. Using backups then is very simple and takes no more than an hour of your time. Linux backup programs such as Déjà Dup are easy to administer and set up. But OK, I realise the NHS stuff is somewhat bigger, but the principles are exactly the same!
Security is not being taken seriously enough and now we can see where that will end. In tears mostly. But more worrying is the fact that our medical records will be for sale at some time in the near future. I hope mine will be interesting to the Russians? Yes, I am taking some high blood-pressure remedy, what of it? Can you do it cheaper and better? Let me know.
