Hacker accessed ‘frail’ HSE system two months before ransomware attack

Voice Of EU

A report found that the opening of a malicious email attachment gave an attacker access to the HSE’s system eight weeks before the ransomware attack.

There were “missed” opportunities to prevent the ransomware attack that hit Ireland’s health service earlier this year.

That’s according to a report commissioned by the Health Service Executive (HSE) board and carried out by PwC.

The report, released today (10 December), found that the attacker gained access to the HSE’s systems eight weeks before the ransomware was detonated.

They were able to achieve their objectives “with relative ease” due to the “frailty” of the HSE’s IT estate, according to the report, and there was a “lack of structures and processes in place to deal with the incident”.

‘Missed’ opportunities

In May of this year, the HSE was subjected to a cyberattack that infiltrated its IT systems using Conti ransomware. More than 80pc of IT infrastructure was affected and there were severe impacts on the health service in Ireland.

But according to the PwC report, the cyberattack originated eight weeks earlier. An employee clicked on a malicious Microsoft Excel file that was attached to a phishing email sent on 16 March.

The attacker gained unauthorised access to the HSE’s system when that file was opened on 18 March, and operated in the system over an eight-week period leading up to the ransomware detonation on 14 May.

This included compromising a “significant number” of accounts with high levels of privileges, compromising a “significant number” of servers and exfiltrating data, the report found.

It added that there were several detections of the attacker’s activity by a number of hospitals in this period before the ransomware attack, but these did not result in a cybersecurity investigation by the HSE.

“As a result, opportunities to prevent the successful detonation of the ransomware were missed,” the report said.

‘Frail IT estate’

PwC said there were a number of mitigating factors that had a considerable effect in reducing the impact of the attack.

It found that the attacker used relatively well-known techniques and software to execute the attack, while a more sophisticated attack could have had a greater impact.

The release of the decryption key by the attacker on 20 May also allowed for an accelerated recovery process. The report said it is unclear how much data would have been unrecoverable without this development, as “the HSE’s backup infrastructure was only periodically backed up to offline tape”.

It pointed to the swift response to the incident, with HSE staff, State agencies and third parties going “above and beyond” to assist in the response and recovery.

But the report concluded that a low level of cybersecurity maturity combined with the “frailty” of the HSE’s IT systems enabled the attacker to achieve their objectives “with relative ease”.

“The HSE is operating on a frail IT estate that has lacked the investment over many years required to maintain a secure, resilient, modern IT infrastructure. It does not possess the required cybersecurity capabilities to protect the operation of the health services and the data they process from the cyberattacks that all organisations face today,” the report said.

“It does not have sufficient subject matter expertise, resources or appropriate security tooling to detect, prevent or respond to a cyberattack of this scale.”

‘Important lessons’

PwC said the HSE “remains vulnerable” to cyberattacks and made a number of recommendations in its report.

These include appointing a chief technology and transformation officer and a chief information security officer, enhancing its ICT strategy and implementing a cybersecurity transformation programme.

HSE CEO Paul Reid said the report was commissioned to assess how the cyberattack happened and to set out tactical actions needed next.

“The report sets this out in quite a lot of detail,” he added. “We have initiated a range of immediate actions and we will now develop an implementation plan and business case for the investment to strengthen our resilience and responsiveness in this area.”

The HSE said it has already started implementing recommendations in the report and begun engaging with the Department of Health to agree a multi-year ICT and cybersecurity transformation programme.

“It is clear that our IT systems and cybersecurity preparedness need major transformation,” added HSE chair Ciarán Devane.

“This report highlights the speed with which the sophistication of cybercriminals has grown, and there are important lessons in this report for public and private sector organisations in Ireland and beyond.”


Best podcasts of the week: what does the bloodsucking saga Twilight tell us about society? | Podcasts

Picks of the week

The Big Hit Show
“Twilight is stupid; if you like it, you’re also stupid.” Why is there so much vitriol towards female Twihards? (Spoiler: misogyny.) In the first run of a series unpicking pop culture’s biggest moments – from the Obamas’ media company – Alex Pappademas starts by dissecting the wildly popular tale of teenage vampire love – and what the reactions to it say about us. Even if you’re not a fan, he raises some great questions. Hollie Richardson

Fake Psychic
Journalist Vicky Baker captivated listeners with Fake Heiress and now she investigates the fascinating story of Lamar Keene, the go-to spiritualist of 1960s America. When he hung up his questionable crystal ball he decided to reveal the tricks of supposed psychics, and Baker asks if that too was a con while pondering the authenticity of the psychics who followed. Hannah Verdier

Deep Cover: Mob Land
Animal lover, lawyer and switcher of identities Bob Cooley is the subject of Jake Halpern’s new season of the reliably mysterious podcast. Cooley was a top Chicago mob lawyer in the 70s and 80s, but what was the price when he offered to switch to the FBI’s side? This dive into corruption quizzes the key figures around him. HV

Chutzpod
This lively, engaging podcast attempts to “apply a Jewish lens to life’s toughest questions”. Hosts Rabbi Shira Stutman and one-time West Wing actor Joshua Malina cover topics ranging from reality TV shows to the Jewish “New Year of the Trees”, via the recent hostage stand-off at a synagogue in the Dallas suburb of Colleyville. Alexi Duggins

Backstage Pass with Eric Vetro
Eric Vetro is a vocal coach who’s worked with the likes of John Legend, Shawn Mendes, Camila Cabello and Ariana Grande. Here, he entertainingly lifts the curtain on their craft, talking to them about their journey in a manner that feels genuinely intimate given their pre-existing relationships. Expect some enjoyably daft voice exercises too. AD

Royally Flush investigates the monarchy’s relationship with the British slave trade. Photograph: Chris Radburn/Reuters

Chosen by Danielle Stephens

It’s fair to say that in the last couple of years the British monarchy has been put under a microscope for the way they handle their own family members, whether that be an heir to the throne and his American wife, or a prince embroiled in a civil sex abuse case. In a two-parter titled Royally Flush, however, Broccoli Productions’ Human Resources podcast goes back in time to investigate the royal family’s role in the slave trade in Britain, questioning how influential they were in trying to prevent abolition.

This is clearly a pandemic production as audio quality can sometimes be shaky, but the content is an important listen. As the country gears up to celebrate the Queen’s platinum jubilee, writer and host Moya Lothian-McLean takes us on an unexplored trip down memory lane, presenting fascinating insights into why – despite ample evidence that the monarchy was historically instrumental in propping up the slave trade in Britain – we haven’t heard so much as a sorry coming from Buckingham Palace, according to the program maker.

Talking points

  • Never underestimate the skill that goes into making a good podcast. Over a year since Meghan and Harry’s audio production company Archewell signed a podcast deal with Spotify, they’ve only managed to release a single podcast. Hence, presumably the job ads Spotify posted this week, looking for full-time staff to help Archewell.

  • Why not try: Smartless | Screenshot


California’s net neutrality law dodges Big Telecom bullet • The Register

The US Ninth Circuit Court of Appeals on Friday upheld a lower court’s refusal to block California’s net neutrality law (SB 822), affirming that state laws can regulate internet connectivity where federal law has gone silent.

The decision is a blow to the large internet service providers that challenged California’s regulations, which prohibit network practices that discriminate against lawful applications and online activities. SB 822, for example, forbids “zero-rating” programs that exempt favored services from customer data allotments, paid prioritization, and blocking or degrading service.

In 2017, under the leadership of then-chairman Ajit Pai, the US Federal Communications Commission tossed out America’s net neutrality rules, to the delight of the internet service providers that had to comply. Then in 2018, the FCC issued an order that redefined broadband internet services, treating them as “information services” under Title I of the Communications Act instead of more regulated “telecommunications services” under Title II of the Communications Act.

California lawmaker Scott Wiener (D) crafted SB 822 to implement the nixed 2015 Open Internet Order on a state level, in an effort to fill the vacuum left by the FCC’s abdication. SB 822, the “California Internet Consumer Protection and Net Neutrality Act of 2018,” was signed into law in September 2018 and promptly challenged.

In October 2018, a group of cable and telecom trade associations sued California to prevent SB 822 from being enforced. In February 2021, Judge John Mendez of the United States District Court for Eastern California declined to grant the plaintiffs’ request for an injunction to block the law.

So the trade groups took their case to the Ninth Circuit Court of Appeals, which has now rejected their arguments. While federal laws can preempt state laws, the FCC’s decision to reclassify broadband services has moved those services outside its authority and opened a gap that state regulators are now free to fill.

“We conclude the district court correctly denied the preliminary injunction,” the appellate ruling [PDF] says. “This is because only the invocation of federal regulatory authority can preempt state regulatory authority.

“As the D.C. Circuit held in Mozilla, by classifying broadband internet services as information services, the FCC no longer has the authority to regulate in the same manner that it had when these services were classified as telecommunications services. The agency, therefore, cannot preempt state action, like SB 822, that protects net neutrality.”

The Electronic Frontier Foundation, which supported California in an amicus brief, celebrated the decision in a statement emailed to The Register.

“EFF is pleased that the Ninth Circuit has refused to bar enforcement of California’s pioneering net neutrality rules, recognizing a very simple principle: the federal government can’t simultaneously refuse to protect net neutrality and prevent anyone else from filling the gap,” a spokesperson said.

“Californians can breathe a sigh of relief that their state will be able to do its part to ensure fair access to the internet for all, at a time when we most need it.”

There’s still the possibility that the plaintiffs – ACA Connects, CTIA, NCTA and USTelecom – could appeal to the US Supreme Court.

In an emailed statement, the organizations told us, “We’re disappointed and will review our options. Once again, a piecemeal approach to this issue is untenable and Congress should codify national rules for an open Internet once and for all.” ®


RCSI scientists find potential treatment for secondary breast cancer

An existing drug called a PARP inhibitor can be used to exploit a vulnerability in the way breast cancer cells repair their DNA, preventing spread to the brain.

For a long time, there have been limited treatment options for patients with breast cancer that has spread to the brain, sometimes leaving them with just months to live. But scientists at the Royal College of Surgeons Ireland (RCSI) have found a potential treatment using existing drugs.

By tracking the development of tumours from diagnosis to their spread to the brain, a team of researchers at RCSI University of Medicine and Health Sciences and the Beaumont RCSI Cancer Centre found a previously unknown vulnerability in the way the tumours repair their DNA.

An existing kind of drug known as a PARP inhibitor, often used to treat heritable cancers, can prevent cancer cells from repairing their DNA because of this vulnerability, culminating in the cells dying and the patient being rid of the cancer.

Prof Leonie Young, principal investigator of the RCSI study, said that breast cancer research focused on expanding treatment options for patients whose disease has spread to the brain is urgently needed to save the lives of those living with the disease.

“Our study represents an important development in getting one step closer to a potential treatment for patients with this devastating complication of breast cancer,” she said of the study, which was published in the journal Nature Communications.

Deaths caused by breast cancer are often a result of treatment relapses which lead to tumours spreading to other parts of the body, a condition known as secondary or metastatic breast cancer. This kind of cancer is particularly aggressive and lethal when it spreads to the brain.

The study was funded by Breast Cancer Ireland with support from Breast Cancer Now and Science Foundation Ireland.

It was carried out as an international collaboration with the Mayo Clinic and the University of Pittsburgh in the US. Apart from Prof Young, the other RCSI researchers were Dr Nicola Cosgrove, Dr Damir Varešlija and Prof Arnold Hill.

“By uncovering these new vulnerabilities in DNA pathways in brain metastasis, our research opens up the possibility of novel treatment strategies for patients who previously had limited targeted therapy options,” said Dr Varešlija.
