Cyberattack Hits England's National Health Service With Ransom Demands (theguardian.com) 202
Hospitals across England have been hit by a large-scale cyber-attack, the NHS has confirmed, which has locked staff out of their computers and forced many trusts to divert emergency patients. The IT systems of NHS sites across the country appear to have been simultaneously hit, with a pop-up message demanding a ransom in exchange for access to the PCs. NHS Digital said it was aware of the problem and would release more details soon. Details of patient records and appointment schedules, as well as internal phone lines and emails, have all been rendered inaccessible. From a report: "The investigation is at an early stage but we believe the malware variant is Wanna Decryptor. At this stage we do not have any evidence that patient data has been accessed. We will continue to work with affected organisations to confirm this. NHS Digital is working closely with the National Cyber Security Centre, the Department of Health and NHS England to support affected organisations and to recommend appropriate mitigations. "This attack was not specifically targeted at the NHS and is affecting organisations from across a range of sectors. "Our focus is on supporting organisations to manage the incident swiftly and decisively, but we will continue to communicate with NHS colleagues and will share more information as it becomes available." NPR adds: The problem erupted around 12:30 p.m. local time, the IT worker says, with a number of email servers crashing. Other services soon went down -- and then, the unidentified NHS worker says, "A bitcoin virus pop-up message had been introduced on to the network asking users to pay $300 to be able to access their PCs. You cannot get past this screen." The attack was not specifically targeted at the NHS and is affecting organizations from across a range of sectors, it appears. The report adds: Images that were posted online of the NHS pop-up look nearly identical to pop-up ransomware windows that hit Spain's Telefonica, a powerful attack that forced the large telecom to order employees to disconnect their computers from its network -- resorting to an intercom system to relay messages. Telefonica, Spain's largest ISP, has told its employees to shut down their computers.
Update: BBC is reporting that similar attacks are being reported in the UK, US, China, Russia, Spain, Italy, Vietnam, Taiwan today.
Update: BBC is reporting that similar attacks are being reported in the UK, US, China, Russia, Spain, Italy, Vietnam, Taiwan today.
General VLAN... (Score:5, Interesting)
Re:General VLAN... (Score:4, Interesting)
Sounds like the General VLAN got hit. Critical medical systems should be on a separate and restricted VLAN. I'm a bit surprised that VOIP phones weren't isolated from this.
I don't know how things are in the U.K., but I spent a few years working in hospital IT in the U.S. The phones used in patient rooms had to be discarded after ever discharge because of fears of contamination, meaning that it was incredibly expensive to have a rotation of phones coming and going. This made it difficult to transition away from the old analog phone system that was in use.
I didn't get involved with the telephony side of things, so I'm not sure if this entire process was logical or not. I'm not sure how difficult it is to disinfect a phone.
Re: (Score:2)
The phones used in patient rooms had to be discarded after ever discharge because of fears of contamination, meaning that it was incredibly expensive to have a rotation of phones coming and going. This made it difficult to transition away from the old analog phone system that was in use.
Interesting. The few hospitals I've worked in for IT Support had VOIP phones that most workstations plugged into. We discarded old keyboards like the plague since studies have shown that they are dirtier than toilets and a hospital environment was probably a lot worse.
Re: (Score:2)
Yes you're correct, they had VOIP for IT and admin staff, it was only patient rooms that still had analog.
Re: (Score:2)
[...] it was only patient rooms that still had analog.
My employment contracts prohibited me from being in an occupied patient room, which had the mobile workstations that connected to the wireless network. Never paid attention to the phones inside the patient rooms. I don't know if they were analog or VOIP.
Re: (Score:2)
Re: (Score:2)
You'd have to disassemble the handset so that the UV light could access the microphone and internals, on what could potentially be hundreds of phones in a day.
Re: (Score:2)
Re:General VLAN... (Score:4, Interesting)
I asked a similar question when my dad was in hospital being treated for an MRSA infection from a previous hospital stay. The answer is a typical telephone has speaker and mic holes, seams and moldings in the case, cutouts around the buttons (if it doesn't use membrane switches, though I haven't seen one like that for years)...lots of places for germs to hide where UV light can't get to them. Wiping down with alcohol isn't effective either.
Plastic bags muffle sound, add handling noise and make dialling and using the phone in general more difficult. It's a reasonable assumption that a patient is in hospital because they're already impaired in some way (or may be impaired by sedatives, pain killers, etc), so if the phone is more difficult to use than normal it may defeat the purpose of having it there at all.
And ultimately, they can buy basic handsets in bulk for ~$8 each, which works out cheaper than trying to keep them sterile. It also eliminates the risk of human error such as being incorrectly tagged and accidentally cycled back into use without being sterilized first, and that's a big enough problem with surgical instruments which can easily be autoclaved (many cheaper instruments like scalpels and scissors are also single use these days for the same reason).
Re: (Score:2)
Ok, with $8 per set, throwing them away is a lot cheaper.
Re:General VLAN... (Score:5, Funny)
Isn't that what telephone sanitizers are there for? Maybe we shouldn't have put them all on the first ark?
Re: (Score:3)
Sounds like somebody got himself some steady business bu shady means. Decontaminating phones is not more difficult than doing it for beds, toilets, door-handles, etc. This procedure does not make any medical sense.
Re: (Score:2)
Even smaller shops tend to have the VoIP stuff on a separate VLAN, just for QoS purposes, to ensure that a doctor calling in a prescription for Prozium or Joy will not get dropped.
It would be interesting to see how this attack happened. A misconfigured AD forest could have allowed for brute-forcing a DA/EA account. Especially if there is no protection against brute force [1]. A lack of physical security could have allowed someone to boot a DC and crack an admin account.
In any case, why wasn't AppLocker r
Re: (Score:2)
Doublepulsar allows remote code execution on windows servers. This allows the ransomware to encrypt entire servers without the need for brute forcing an admin account.
Re: (Score:2)
Prescriptions get sent to the pharmacy in text/xml format, not by a voice call.
Re: (Score:2)
Doesn't matter. Can you go forward with a treatment if you're uncertain if the treatment is safe, if the patient is in dire need, and so forth? The patient needs anesthesia; are they going to die like Monty Oum if you use one anesthetic rather than another?
Everything in a hospital is critical.
Re: (Score:2)
Everything in a hospital is critical.
Not necessarily. No patient will die if the cardboard baler goes on the fritz for a few days and a mountain of cardboard piles up in the trash area.
Re: (Score:2)
Unless they trip, fall onto the pile, cannot get up, nobody sees them, and they die of dehydration a couple of days later.
You joke but such situations are not unheard of.
http://www.nydailynews.com/news/national/s-f-hospital-orderly-stepped-woman-patient-discovered-dead-report-article-1.1492552 [nydailynews.com]
Re: (Score:2)
While I agree with you, the reality is that IT security in the medical area sucks even worse than in other fields. That is the only reason they were hit so badly. As law enforcement seems to be completely useless with regards to this threat, it becomes more and more urgent to remove IT security from the back-burner and recognize it as a mission-critical thing that in addition is difficult to get right.
Caveat: I do earn my living mostly with IT security these days.
Re: (Score:2)
Caveat: I do earn my living mostly with IT security these days.
That's what I do in government IT.
Re: (Score:2)
Write a blog post about it, bro.
No one wants to read about your butthurt. Go buy yourself some Lady Anti Monkey Butt Powder [amzn.to] to sooth over the pain.
Re: (Score:2)
If this is related to the Intel Management Engine exploit. At the moment I have no idea how you can protect from this.
Re: (Score:2)
To get to the IME still requires getting through other layers of security, many of which shouldn't be running on Intel CPUs at all.
Re:General VLAN... (Score:5, Interesting)
I think it likely also points out the problems with homogeneous systems...centralized systems, and such mandated by the government.
A singular system with all information, while providing convenience in many ways, opens itself up to being completely shut down if anyone ever breaks through the always inevitable cracks.
Re: (Score:3)
I'm sure private sector companies all happily undertake the additional expense & complication of developing & running entirely separate systems for each branch/office.
But remind me, who do you work for?
Re: (Score:2)
Actually, in the US until the most recent couple decades or so, that has been precisely the case.
Of course, one problem was they didn't talk to each other (but keeps from a single source of failure)....
But before HMO's and bean counters and the like started forcing consolidation, many if not most
Re:General VLAN... (Score:5, Insightful)
A singular system with all information, while providing convenience in many ways, opens itself up to being completely shut down if anyone ever breaks through the always inevitable cracks.
It's not convenience. Often it is part of a critical operating philosophy. I will wager more lives have been saved by centralising records and administration like this than have been affected by any cyber attack. Ferrying data between isolated systems introduced a tremendous amount of delay and error over the years which has successfully been fatal in many cases.
"Ransomware demanded"??? (Score:2, Funny)
"Ransomware demanded"???
So wait. They've demanded that 16 hospitals to give them ransomware?
Isn't the correct business model to give the hospitals the ransomware instead, and then demand ransom?
Is this an altruistic cyberattack? The hospitals give them the ransomware, which they install, and then they give the hospitals money so that the hospitals will send the the unlock code, and they can then move onto the next hospital?
I mean, as an approach to medical billing, it's kind of .. disruptive, but...
I am saddened to see my comment market "troll". (Score:3)
I am saddened to see my comment market "troll".
Other than a comment, there is no alternate channel with which to communicate errors in headlines or story summaries. The comment gets made, with humor, the headline gets fixed, and then the comment gets demoted.
This wouldn't be bad, if there were some way to direct message the editor for the headline and story summary in question, with having to leave a public comment in order to communicate their error.
At least my comment was made with good humor, rather tha
"Ransomware Demanded" (Score:2, Funny)
Don't give it to them! If you give them ransomware, they're just going to use it to start attacking people and demanding ransoms from their victims.
Re: (Score:2)
Don't give it to them! If you give them ransomware, they're just going to use it to start attacking people and demanding ransoms from their victims.
Hospitals already have their own ransomware. It's call the bill.
Re: "Ransomware Demanded" (Score:2)
Bzzzt! Wrong! It's the NHS.
Re: (Score:2)
Bzzzt! Wrong! It's the NHS.
It's happening in more than just the UK. From TFS:
Update: BBC is reporting that similar attacks are being reported in the UK, US, China, Russia, Spain, Italy, Vietnam, Taiwan today.
terminals not answering back (Score:2, Informative)
Not surprised Swiss cheese. NHS malware ransomware terminals not answering back. Ambulance system not reporting incoming patients. Using pen and paper to work out who is in and who is gone home. Unable to answer enquiries about patients. Everything else is working in slow motion not always working. Nationwide.
If the admins were smart... (Score:2)
If they were smart the desktops used to access patient are nothing more than "thin" clients with just an OS that can be PXE booted and re-imaged in short order... and the actual applications that matter would be running in VMs accessed from those clients... and the VMs would have have snapshots to roll back to in case something there gets screwed up...
Then again, if they were smart, they never would have connected systems used for patient care to the internet in the first place... all internet access would
Re: (Score:2)
Re: (Score:2)
Even with firewalled systems malware can get in. The Iranian centrifuge plants were not connected to the internet but the infection got brought in on USB sticks of scientists who wanted to show their colleagues pictures from their daughter's birthday party. Hackers can use social engineering to get across physical barriers
Windows? (Score:3)
Are they using Windows computers for sensitive health information? ... morons...
Are they using Windows for mission critical applications?
Re:Windows? (Score:5, Interesting)
When Tony Blair met Bill Gates in 2006 - after kissing Gates' feet and gushing for a few hours about his supreme wonderfulness - Blair signed up for the super huge mega deal, with all the Windows you can eat. (Small print: security is up to you, mumble mumble mumble...)
"Mr Gates, the billionaire software pioneer, had just written a book about how IT could transform economies".
Yeah. Transform them from prosperity to miserable bankruptcy - along with lots of dead and dying patients. And transfer a large slice of their revenue to Bill Gates' bulging pockets.
Maybe the NHS should call Gates now and ask him to sort out their problems.
https://www.theguardian.com/bu... [theguardian.com]
Re: (Score:3)
This is why countries should not trust US made software. It has backdoors installed for the NSA to sneak in. They would have been better off with Chinese software. It also would have backdoors but it would be cheaper.
Re: (Score:2)
Transform them from prosperity to miserable bankruptcy - along with lots of dead and dying patients.
[Citation Needed] More on the latter account because in the former case every country in the world has had an increase in medical costs since 2006 regardless whether or not the mighty BG was involved.
Re: (Score:2)
Exactly. Why is this not being addressed more? Using Windows for anything critical is just asking to be a victim like we see here.
Re: (Score:2)
Using Windows in a hospital should be enough to get you fired.
Connecting Windows to a network in a hospital should be enough to get you prosecuted.
Re: (Score:2, Interesting)
Are they using Windows computers for sensitive health information? ... morons...
Are they using Windows for mission critical applications?
Yes... they're using Windows XP. [theregister.co.uk]
Re: (Score:3)
OMG! Complete, absolute morons.
The management should all be fired.
NHS Digital (Score:2)
NHS Digital is national patient administration system, it is bold in scope and vision but with a history of expensive failure and delays caused by miss-management by practically every major IT consultancy that exists. I never worked on it myself but know many colleagues that have and non have ever had a good word to say about it.
Re: (Score:2)
Same morons as almost everywhere else. We have just too many people even in the IT field that know Windows and nothing else. A great success for Microsoft and a huge fail for humanity.
Comment removed (Score:4, Insightful)
Submarines have windows (Score:2)
The four Vanguard-class ballistic missile submarines provide the UK's entire nuclear deterrent. ...
The four submarines have just one critical flaw: They all run Windows XP.
http://www.popularmechanics.co... [popularmechanics.com]
Re: (Score:2)
That machine gets infected, and so it spreads at an exponential rate. Short version, this is WW III starting level shit!! We'll know soon enough in the next 48 hours around the world
Ya know, you have a point there. I'd sort of expected that the first net propagated worldwide IT catastrophe would be in the financial sector. But healthcare is pretty important also. Especially if you are the patient.
Someone is going to have a bad day.... (Score:4, Insightful)
GCHQ made a very unfortunate tweet at same time (Score:4, Informative)
"It's a good job we're better at keeping Britain safe than writing limericks⦠#NationalLimerickDay"
https://twitter.com/GCHQ/statu... [twitter.com]
Re: (Score:2)
No, more likely a team of experts in the arts of ungentlemanly warfare will arrange for a series of unfortunate events.
Re: (Score:2)
This will probably give a boost to homemade OSes in Russia and China. Not every country has the tech to write their own OS but Russia and China sure do. They already do write their own OSes for military applications. At least with a home made OS you know the backdoors are there for your own National Security Agency to spy instead of the US NSA
Silly malware peoples (Score:2)
The Value of Bitcoin???? (Score:4, Interesting)
is it really that untraceable?
Re: (Score:2)
I would not ... (Score:2)
I would not bet your freedom against GCHQ.
Re: (Score:2)
is it really that untraceable?
It takes some computational muscle, but I have no doubt the NSA has the tools.
But joke's on the perps - the way Bitcoin is now, confirmation times and fees are so high that the hospitals will probably be restored from backup before they get any decryption keys.
Re: (Score:2)
It probably is traceable but the NSA is not letting it be known. They are probably keeping it in their backpocket to be used when its worth burning that card. This incident may just be worth burning Bitcoin for but we wont know till the NSA decides to. They may decide to still reserve the card for a future threat.
Is it time (Score:2)
to start hanging the people that produce this crap?
Re: (Score:2)
And a big thank you very much to the NSA (Score:3)
Several experts monitoring the situation have linked the infections to vulnerabilities released by a group known as The Shadow Brokers, which recently claimed to have dumped hacking tools stolen from the NSA.
Re: (Score:2)
Several experts monitoring the situation have linked the infections to vulnerabilities released by a group known as The Shadow Brokers, which recently claimed to have dumped hacking tools stolen from the NSA.
This is a global demonstration of why "Security through obscurity" and "NSA back-doors" are a very, very bad idea. I can't even imagine of a clearer demonstration.
Too bad the political response will not be to do draconian things, rather than instituting open code reviews and such. Those NSA spooks like to have their little secret treasures, even if that endangers everyone in the world with an internet connection.
Re: (Score:3)
Thank you NSA for developing this exploit for the ransomware hackers to use. [nytimes.com]
The US NSA are to blame for this global (dozens of countries) IT clusterfuck. I wonder how the leaders of all of those other countries are feeling about the US right now...
Re: (Score:2)
You, like the NSA, seem to have forgotten that part of the NSA's job is defence. That they knew of these vulnerabilities and didn't work with microsoft to fix them is a failure of that job..
Why is it? (Score:4, Interesting)
The biggest worms, trojans, etc. all hit Windows? Rhetorical question, so no jesting or serious responses requested :) But this one looks to be fairly sizeable. Plenty of European telecoms, and other industries hit so far today. Even read reports of FedEx's Memphis hub instructing employees to power off those PC's.
Here's a map --> https://intel.malwaretech.com/... [malwaretech.com]. The ironic thing is that these are far from true 0-day exploits. Patch was released for this in March. Regardless of your organization size, testing and rolling out patches shouldn't be that difficult. Given it's been a few months. This is speaking from a person who's been a cog in the wheel at larger US organizations as well as supported smaller places...
Re: (Score:2)
The biggest worms, trojans, etc. all hit Windows? Rhetorical question, so no jesting or serious responses requested :) But this one looks to be fairly sizeable.
NYT noted up to 74 countries reporting having been hit.
Serious answer: MS puts out patches all the time. In institutions with multi-million $$ equipment, or life-critical equipment, avoid patching if at all possible. Such equipment is designed for a couple of decades of service or more. The computer-interface card might only have drivers up to Windows XP. Applying a MS patch could be either impossible, or if you run Win 8.1, say, something to be avoided. MS security patches are notorious for bricking
Re: (Score:2)
Okay I guess I did ask for it when I mentioned the rhetorical question. The MS security patches being notorious for bricking expensive equipment reference. Any somewhat recent and significant examples? Reason I'm asking is because I've sysadminned Linux servers going back to around 1997. And in parallel sysadminned Windows servers going back to NT 3.51.
When it comes to MS security patches bricking equipment, if you are talking about servers the last time I recall a major SNAFU was NT 4.0 Service Pack 6. Tha
Re: (Score:3)
Okay I guess I did ask for it when I mentioned the rhetorical question. The MS security patches being notorious for bricking expensive equipment reference. Any somewhat recent and significant examples?
2008 or so. A pushed Windows update bricked ALL Oxford-brand EDS systems globally for a couple of days. A driver update for the interface card fixed it, but it took time. What is an EDS? It's an analytical tool that allows chemical analysis in electron microscopes. Every university has several. Every big company, especially in tech, has tens of them (or 100's if you're Intel). The EDS systems would not work, preventing not only day-to-day use of this basic analysis-lab capability, but also mission-cr
Re: Why is it? (Score:2)
That sounds like a complete disaster! I can't imagine the time, expense, and repercussions that resulted. When it comes to specialty equipment with not off-the-shelf hardware I definitely wouldn't put into auto-update mode. Regardless of the calendar year or relative maturity of Microsoft's OS version.
Servers I manually update after a test run. Most are standardized in terms of hardware. Clients that do auto-update are all vanilla with no oddball hardware involved. The handful of proprietary hardware type c
If you think critical infrastructure is protected (Score:2)
Just to give you one example from the banking industry: I only recently learned that hundreds of banks allow a 3rd-party vendor of some dubious "sentiment analytics" to inject "widgets" into their banking home page, which they welcome because they are served for free - paid by advertisements the 3rd-party injects alongside their data into those HTML widgets.
Can you believe it? They voluntari
Re:I've come across this virus (Score:5, Funny)
"I've come across this virus. Nasty virus. Really, really bad virus. We're going to stop this virus, and we're going to make Mexico pay for it."
Re: (Score:2)
The NSA should be required to provide the decryption services. After all Microsoft left the backdoors for the NSA to get in and the NSA has some of the best decryption tools in the world.
Busy weekend ahead (Score:2)
Even if this attack is halted soon, it does raise some very pointed questions about resilience in a lot of mission critical systems. CEO phones CIO: 'Are you confident this can't happen to us?' 'Um....'
There are times I'm grateful I'm retired!
Re:Major cyber attack? (Score:5, Insightful)
Oh get off your high horse. We had a ransomware infect one user and then their network drives last fall. We stopped it within 20 minutes but still the damage was done with 40% of their network drive encrypted. The virus scanner (sophos) didnt catch it, email virus scanner missed it too. Was hand targeted for this one particular employee.
She unfortunately had access to a drive she shouldnt have as well so the attack spread farther than it should have.
We restored from backup and wiped the machine, but it was certainly inconvenient for a few hours for everyone in that department who lost access to their files.
The point is that this can happen to anyone so dont get cocky. Every user has write access to SOME files on the network, that is unavoidable.
I liked this video i saw at a cisco presentation a few weeks back. In theory a good IDS system with integrated agents on the machine and a "nex gen" firewall should halt an attack quickly. But thats a lot of money that many companies won't invest in till its too late.
https://www.youtube.com/watch?... [youtube.com]
Re: (Score:2)
Prevention measures should be in place in several places of the infra-structure, but I realize we are talking about the NHS AND the UK.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
We all know how AV are useless on those things (and many others)
Maybe it's time to implement server-side filesystem monitoring and trottle file IO + raising alarms when unusual IO burst occurs.
Better slowdown/block legitimate trafic than messing huge file collections.
Easyer to say than to code obviously....
Re: (Score:2)
However we are talking here of big bucks, which should not be problem in this organisation.
IT Governance not Technical failure (Score:2)
This should be all but impossible on a competently managed system, it should not be able to proliferate to this extent on computers in a controlled environment. The scale of this attack is troubling. The fact that this could happen is not a single failure, it is major failure of IT governance. Layering controls in platform and process with should prevent a single technical or human failure compromising the whole system like this. The compromise should always be localised. This is a governance and se
Re:IT Governance not Technical failure (Score:4, Funny)
Doh (Score:2)
Perhaps you should learn the difference between governance and government.
No, It is just MS Windows on the Internet (Score:2)
Windows is not safely usable on the Internet.
It's not incompetence by the administrators. They cannot fix a binary blob of vulnerable proprietary code.
24 years after Windows 3.0 with Trumpet tcp/ip stack Windows continues to be the easiest platform to attack successfully. This will not change until Microsoft becomes financially responsible for their poor security design.
I worked at an ISP for many years. We always used open source software, so we could fix issues ourselves. That was a hell of a lot better t
Re: (Score:2)
Once an unhappy customer complained and changed the SQLServer instance to another port for an app in another country to write to it, after being told by us that the properly way to do it was a VPN and we could assist with that, in less than two weeks they were hacked/infected by a bot, and ripe with malware in the internal network that used the SQLServer as an entry point.
As
Re: (Score:3)
It smells more to major incompetence.
More like general negligence, who outranks incompetence.
I work in the UK, several of our customers are banks, they're all going apeshit with requests to find out if they're vulnerable to the same attack. We keep their shit patched so no, but it's making my evening a living hell.
However I've also worked for several medical clients back in Oz. I'm not surprised this kind of thing can happen. You'd so often see a $1000 PC hooked up to a $350,000 medical scanner. That PC would be running a 5 year old OS b
Re: (Score:2)
Re: (Score:2)
You'd so often see a $1000 PC hooked up to a $350,000 medical scanner. That PC would be running a 5 year old OS because it ran a specific $30,000 piece of software that the scanner required to interpret the raw data. Its not that they didn't want to upgrade the OS or hardware, shit, that's the cheap part ...
Thanks. I was sure that what you describe was not uncommon, but since I never worked with medical stuff, only happened to have it applied to me from time to time, I didn't bring the subject up.
Question: If the PC is only there to act as an embedded controller, and it does its job, why should you care what OS or version it uses? If it were a black plastic box with a couple of sockets and a power plug would you care what sort of CPU it had or whether it were running MSDOS, QNX, OS9 or ran by the power of
Re: (Score:2)
It smells more to major incompetence.
So General VLAN (first post) has been promoted to a staff position and Major Incompetence has been given his old command?
Re:Can you see (Score:4)
Re: (Score:2)
The Medical IT in America is so fragmented and confusing that even hackers give up as its too confusing. Its not also well integrated. The reason Americans pay 3 times other developed countries is Doctor's offices are employment generation schemes with receptionists, medical billing specialists, nurse's assistnats and what not. Many time the only way to take records form one doctor's office to another is print it out, hand carry it and have the new office type it back in. Not an environment easily hacked. I
Re: (Score:2)
Re: (Score:2)
Well, given that this affects non-single payer nations too... no.
http://www.bbc.com/news/techno... [bbc.com]
Re: (Score:3)
This rule does make a profit for shareholders. It's not single-payer insurance, it's either being forced to buy something from a private company or a fine.
Re:Forced health service holds US ransom (Score:4, Interesting)
Indeed. I'd be in favor of single-payer, but Obamacare is an abomination. And I mean that word in the old-school sense of some spawn of things that really shouldn't go together.
But that's the U.S. government way. We don't have socialism; he have half-assed versions of regulation that really end up funnelling money into the pockets of rich people and corporations. We did it with Fannie Mae and Freddie Mac -- just enough regulation to claim they were pseudo-government entities, but enough freedom to completely blow up the housing market and be bailed out by taxpayers. We've witnessed it with Obamacare -- enough regulation to improve healthcare a bit, but with increased costs and a completely superfluous layer of private corporations whose sole benefit is to stand in the WAY of actual health care, make claims and overhead by health providers much more complex, and skim ~15% off the top. And now we're seeing it with student loans -- no, we don't want to actually provide higher education for everyone, but we'll create this weird loan structure that flows through young uninformed students with prices set by colleges that act more like corporations than educators every day... is it any wonder tuition is out of control?
That's the great American experiment: see how many ways we can screw over taxpayers by creating "regulation" systems that half-fix problems and provide perverse profit incentives for corporations.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
This was not a targeted attack. In fact, the creators may even have assumed that hospitals would have better IT security (not worse) than anybody else and hence this was not a risk.