
Ransomware attack disrupts Irish health services | Ireland

Voice Of EU


Ireland’s state health services provider has shut all its IT systems and cancelled some medical appointments after what it described as a “significant ransomware attack” overnight caused widespread disruption.

Paul Reid, the Health Service Executive chief executive, told RTÉ there had been a “human-operated” attempt to access data stored on central servers for a presumed ransom. “There has been no ransom demand at this stage. The key thing is to contain the issue. We are in the containment phase.”

Reid said the HSE was working with police, the defence forces and third-party cybersecurity experts to respond to what he termed an “internationally operated criminal operation”. He apologised to patients and the public for the disruption.

The attack has affected national and local systems that provide core services, but not Covid-19 vaccinations or ambulance services.

Quick Guide

What is ransomware?


Ransomware is the most common form of criminal malware currently in use. Targets are commonly infected through malicious emails, which may trick them into downloading and running the software, or through exploiting vulnerabilities in other software such as Adobe Flash. When the ransomware program is activated, it encrypts the user’s hard drive with a single-use encryption key, before flashing up a message asking for ransom, typically in the form of a payment in the cryptocurrency Bitcoin.

Usually, although not always, paying the ransom really does restore access to the encrypted files, which means that many businesses and organisations have found themselves funding the criminal outfits that launch ransomware attacks. Even organisations that regularly back up their data have been known to pay the ransom, since the time required to fully restore a large and complicated network from a back-up can be many days, during which no business can be done.

WannaCry, one of the most famous pieces of ransomware, managed to freeze much of the NHS in May 2017. The malware made use of a vulnerability in Microsoft’s Windows operating system to spread automatically between computers, allowing it to rapidly traverse the globe. The attack was launched by a cybercrime group dubbed Lazarus by researchers, which is believed to be a state-backed outfit run by the North Korean government.

Most ransomware attacks are very different from WannaCry, involving highly targeted infections of big targets who are likely to pay a high ransom to receive their data back in good time.

Alex Hern

Several hospitals cancelled outpatient visits or urged patients with appointments not to attend. The Rotunda, a Dublin maternity hospital, said it was experiencing a “critical emergency” and cancelled all outpatient visits except for women who were more than 35 weeks pregnant.

The oncology department at Cork university hospital was reportedly paralysed. The child and family agency Tusla said its IT systems, including email, internal systems and the portal through which child protection referrals are made, were not working.

Earlier this week hackers crippled the Colonial petrochemical pipeline that stretches from Texas to New York, causing fuel shortages and states of emergency to be declared in four states. The company reportedly paid a $5m ransom fee. A group of cybercriminals called Darkside claimed responsibility for the attack.

Fergal Malone, the master of the Rotunda, said the hospital discovered unusual activity in its IT systems at about 2am and later detected what appeared to be a ransomware virus. “We use a common system throughout the HSE in terms of registering patients and it seems that must have been the entry point or source,” he told RTÉ. “It means we have had to shut down all our computer systems.”

All patients were safe and the hospital had contingency plans to operate using a paper-based system, he said. “We have systems in place to revert back to old-fashioned record-keeping.” Lifesaving equipment was not affected. “Patients will come in in labour over the weekend and we will be well able to look after them.”




UK competition watchdog unveils advice for antivirus firms • The Register


The UK’s Competition and Markets Authority (CMA) has unveiled compliance principles to curb locally some of the sharper auto-renewal practices of antivirus software firms.

The move follows the watchdog baring its teeth at McAfee and Norton over the issue of automatically renewing contracts.

The CMA took exception to auto-renewal contracts for antivirus software that customers in the UK signed up for and found difficult to cancel. Refunds and clearer pricing information (including making sure consumers were aware that year two could well end up considerably costlier than the first) were the order of the day.

Today’s principles build on that work, and are aimed at helping antivirus companies toe the line where UK consumer law is concerned. They are a bit more detailed than a simple “stop being horrid.”

The focus remains on auto-renewing contracts, where a customer signs up for a fixed period, then is charged again for subsequent periods. The CMA acknowledges that such arrangements are convenient, but they risk locking the consumer into an agreement they no longer want, or stinging them with higher fees at renewal time.

While the principles are intended to be helpful, lurking in the background is consumer law and the threat of a potential trip to court for vendors stepping out of line.

First up comes a requirement to make sure customers are informed about auto-renewal, rather than hiding the detail in an End User Licence Agreement (EULA) or burying it in hard-to-read text through which a user must scroll.

Price claims must be “accurate” and “not mislead your customers” – so only show discounts against the normal price. It must also be possible to turn off the auto-renew easily, keep auto-renew turned off once it is off and, if on, make sure customers are reminded in good time that an auto-renew will happen.

Getting a refund must be easier and customers should be able to change their mind when auto-renewal happens. If the customer has stopped using the product, safeguards are needed around auto-renewal.

The last principle could pose a few challenges – how does a vendor become aware that a customer is not using its product? The suggestion from the CMA is to check if software updates are being received rather than simply charging users year after year.

The Register contacted McAfee and Norton for their thoughts on the principles, and will update should the companies respond. ®


Grocery start-up Gorillas raises nearly $1bn in round led by Delivery Hero


Just a few months after hitting unicorn status, Gorillas has raised another major round of funding from big-name investors.

German start-up Gorillas has raised nearly $1bn to expand its on-demand grocery delivery business.

The Series C funding round was led by Delivery Hero, the German food and grocery delivery giant that recently took a stake in Deliveroo.

Gorillas also received backing from existing investors including Coatue Management, DST Global and Tencent, as well as new investors G Squared, Alanda Capital, Macquarie Capital, MSA Capital and Thrive Capital.

The fresh funding comes just a few months after the company’s $290m Series B, which brought its valuation to more than $1bn.

Gorillas was founded in Berlin in 2020 by Kağan Sümer and Jörg Kattner, promising grocery deliveries in as little as 10 minutes.

It now operates more than 180 warehouses and has expanded to more than 55 cities in nine countries, including Amsterdam, London, Paris, Madrid, New York and Munich.

The company plans to use the latest funding for its next phase of development. This includes reinforcing its footprint in existing markets and investing in operations, technology and marketing.

“The size of today’s funding round by an extraordinary investment consortium underscores the tremendous market potential that lies ahead of us,” said Sümer, who is CEO of the start-up.

“With Delivery Hero, we have chosen a strong strategic support that is deeply rooted in the global delivery market, and is renowned for having unique experience in sustainably scaling a German company internationally.”

On-demand grocery delivery is a growing area in Europe that’s attracting investor attention.

Swedish start-up Kavall raised $5.8m in August, Czech player Rohlik hit unicorn status after its €100m Series C round in July, and Spain’s Glovo secured a €450m Series F round in April to expand in the grocery market.

Gorillas differentiates itself from other players in the market, such as Deliveroo, by employing its delivery drivers rather than relying on gig workers.

However, as the start-up has scaled rapidly over the past year, it has seen delivery workers protest over working conditions and pay, and been put under the spotlight for its treatment of employees.


ICO to step in after schools use facial recognition to speed up lunch queue | Facial recognition


The Information Commissioner’s Office is to intervene over concerns about the use of facial recognition technology on pupils queueing for lunch in school canteens in the UK.

Nine schools in North Ayrshire began taking payments for school lunches this week by scanning the faces of their pupils, according to a report in the Financial Times. More schools are expected to follow.

The ICO, an independent body set up to uphold information rights in the UK, said it would be contacting North Ayrshire council about the move and urged a “less intrusive” approach where possible.

An ICO spokesperson said organisations using facial recognition technology must comply with data protection law before, during and after its use, adding: “Data protection law provides additional protections for children, and organisations need to carefully consider the necessity and proportionality of collecting biometric data before they do so.

“Organisations should consider using a different approach if the same goal can be achieved in a less intrusive manner. We are aware of the introduction, and will be making inquiries with North Ayrshire council.”

The company supplying the technology claimed it was more Covid-secure than other systems, as it was cashless and contactless, and sped up the lunch queue, cutting the time spent on each transaction to five seconds.

Other types of biometric systems, principally fingerprint scanners, have been used in schools in the UK for years, but campaigners say the use of facial recognition technology is unnecessary.

Silkie Carlo, the director of Big Brother Watch, told the Guardian the campaign group had written to schools using facial recognition systems, setting out their concerns and urging them to stop immediately.

“No child should have to go through border-style identity checks just to get a school meal,” she said. “We are supposed to live in a democracy, not a security state.

“This is highly sensitive, personal data that children should be taught to protect, not to give away on a whim. This biometrics company has refused to disclose who else children’s personal information could be shared with and there are some red flags here for us.”

The technology is being installed in schools in the UK by a company called CRB Cunninghams. David Swanston, its managing director, told the FT: “It’s the fastest way of recognising someone at the till. In a secondary school you have around about a 25-minute period to serve potentially 1,000 pupils. So we need fast throughput at the point of sale.”

Live facial recognition, technology that scans crowds to identify faces, has been challenged by civil rights campaigners because of concerns about consent. CRB Cunninghams said the system being installed in UK schools was different – parents had to give explicit consent and cameras check against encrypted faceprint templates stored on school servers.

A spokesperson for North Ayrshire council said its catering system contracts were coming to a natural end, allowing the introduction of new IT “which makes our service more efficient and enhances the pupil experience using innovative technology”.

They added: “Given the ongoing risks associated with Covid-19, the council is keen to have contactless identification as this provides a safer environment for both pupils and staff. Facial recognition has been assessed as the optimal solution that will meet all our requirements.”

The council said 97% of children or their parents had given consent for the new system.

A Scottish government spokesperson said that local authorities, as data controllers, had a duty to comply with general data protection regulations and that schools must by law adhere to strict guidelines on how they collect, store, record and share personal data.

Hayley Dunn, a business leadership specialist at the Association of School and College Leaders, said: “There would need to be strict privacy and data protection controls on any companies offering this technology.

“Leaders would also have legitimate concerns about the potential for cyber ransomware attacks and the importance of storing information securely, which they would need reassurances around before implementing any new technology.”
