- My Forums
- Tiger Rant
- LSU Recruiting
- SEC Rant
- Saints Talk
- Pelicans Talk
- More Sports Board
- Fantasy Sports
- Golf Board
- Soccer Board
- O-T Lounge
- Tech Board
- Home/Garden Board
- Outdoor Board
- Health/Fitness Board
- Movie/TV Board
- Book Board
- Music Board
- Political Talk
- Money Talk
- Fark Board
- Gaming Board
- Travel Board
- Food/Drink Board
- Ticket Exchange
- TD Help Board
Customize My Forums- View All Forums
- Show Left Links
- Topic Sort Options
- Trending Topics
- Recent Topics
- Active Topics
Started By
Message
0
Posted on 2/19/26 at 2:05 pm to theballguy
quote:
Agreed. A scalpal shouldn't have a public ip address. Medical equipment in a hospital can still be networked and not be on the public network or even available inline from any other points within the internal network.
Without going into too much detail: we got hit by the Akira ransomware group. How they got an 'in' was the most surreptitious, random set of circumstances you could imagine, part of which was a seemingly minute failure on our IT org's part. We were saved from total annihilation by the fact we implemented zero-trust architecture about a year prior. The attackers couldn't get to anything valuable but they tried. There's a lot more to protection than "zero-trust" but that was a big factor.
quote:
There's nothing revolutionary about any of the attacks. This happened because people don't know what tf they're doing or maybe just don't give a shite.
I will mildly disagree, because some threat actors are on another level than others. What we found during forensics.. two things come to mind: they were able to do some things that, according to the industry, shouldn't be possible. Some of these state-sponsored actors have massive computing power at their disposal. And the sophistication with which they covered their tracks was highly impressive. Highly developed and very effective, as well as their encryption techniques.
Posted on 2/19/26 at 2:13 pm to anc
There must not be that many people on this board who work in IT. I do. I can assure you that this attack was almost 100% preventable.
Except under the rare situation of a brand new software exploit/vulnerability not being known by the company/hospital or also a very rare human error that doesn't get caught quickly, just about the only reason cyber attacks ever happen is because numerous layers of personnel (typically managerial) at the company/hospital are wearing their own asses as hats.
And definitely issues with intelligent administration isn't helped by having sensitive systems fully accessible to the public internet. We as a society have FAR too much information readily available on the internet and it is always completely dumb and lazy.
Someone in that hopsital I am positive sure thought they were saving money by not investing in proper IT security.
EDIT: The poster above me made some good points as well. Ultimately, any organization wanting to limit its vulnerability to damage even if an attack gets through would have a recovery plan to get back into business as quickly as possible even in the event of a successful attack. That does include ransomware.
Except under the rare situation of a brand new software exploit/vulnerability not being known by the company/hospital or also a very rare human error that doesn't get caught quickly, just about the only reason cyber attacks ever happen is because numerous layers of personnel (typically managerial) at the company/hospital are wearing their own asses as hats.
And definitely issues with intelligent administration isn't helped by having sensitive systems fully accessible to the public internet. We as a society have FAR too much information readily available on the internet and it is always completely dumb and lazy.
Someone in that hopsital I am positive sure thought they were saving money by not investing in proper IT security.
EDIT: The poster above me made some good points as well. Ultimately, any organization wanting to limit its vulnerability to damage even if an attack gets through would have a recovery plan to get back into business as quickly as possible even in the event of a successful attack. That does include ransomware.
This post was edited on 2/19/26 at 2:25 pm
Posted on 2/19/26 at 2:24 pm to anc
Wow - that succcckkkkss
I can just imagine all of the HR/team building/refresher meetings that will be scheduled after this
I can just imagine all of the HR/team building/refresher meetings that will be scheduled after this
Posted on 2/19/26 at 3:13 pm to alive2022
quote:In a hospital?
Because most people are barely surviving and are just doing the bare minimum. Because they get paid the bare minimum.
A) You don't know WTF you're talking about.
B) Be glad, in the instance of a hospital, that "A" is true.
Posted on 2/19/26 at 3:16 pm to alive2022
quote:
Because most people are barely surviving and are just doing the bare minimum.
Pretty sure that for the vast majority of the whiners complaining about the first part, the reason is in the second part.
Posted on 2/19/26 at 3:37 pm to alive2022
quote:
Because they get paid the bare minimum
You think a hospital is getting paid the bare minimum? Do you think the average joe working there has anything to do with network security?
Your comments pretty much sum up leftist thinking quickly and easily.
Posted on 2/19/26 at 3:43 pm to anc
Someone reconfigured a firewall so they could post on TD.
It’s Kiffin’s fault for going to LSU.
It’s Kiffin’s fault for going to LSU.
Posted on 2/19/26 at 3:43 pm to anc
quote:
21st century warfare. We don't seem to have the capability to stop these attacks.
These aren't attacks. These are dumb frick employees with access, that *still* haven't figured out how not to click on stuff they shouldn't (PDFs, links, etc.)
UoM MC could have implemented all kinds of stuff which isn't new, but they didn't:
quote:
Block spam. Most email clients come with built-in spam filters, but third-party filtering services can give users more granular control over their email. Other recommendations for avoiding email spam include unsubscribing from mailing lists, refusing to open spam emails, and keeping email addresses private (i.e. not listing them on an organization’s external-facing website).
Use email security protocols. Email authentication methods like SPF, DKIM, and DMARC records help verify the source of an email. Domain owners can configure these records to make it difficult for attackers to impersonate their domains in a domain spoofing attack.
Run a browser isolation service. Browser isolation services isolate and execute browser code in the cloud, protecting users from triggering malware attachments and links that may be delivered through a web-based email client.
Filter harmful traffic with a secure web gateway. A secure web gateway (SWG) inspects data and network traffic for known malware, then blocks incoming requests according to predetermined security policies. It can also be configured to prevent users from downloading files (like those that may be attached to a phishing email) or sharing sensitive data.
Posted on 2/19/26 at 3:55 pm to alive2022
So rail against the ones that look to repair but don’t blame those who broke the damn thing?
Posted on 2/19/26 at 4:02 pm to notsince98
quote:
not going to happen. You had to "plug in" to get to this site and post.
posting here is not a requirement for medical equipment to function.
Da fuq?
Posted on 2/19/26 at 4:14 pm to anc
quote:
Cyber attack takes down University of Mississippi Medical Center
Someone hacked the dial up?
Posted on 2/19/26 at 4:16 pm to notsince98
quote:
Stop plugging everything in to the network.
My sweet summer child.
You'd prefer a nurse scribbling down EKG readings, and then typing them into their EMR system at the end of their shift 8 hours later? Maybe staple the printout to something?
There is almost never one network. There should be a POS (point of sale) network for the gift center, patient payment and the cafeteria, a different network for the provider PCs, a different network for medical devices, all restricted by least privilege from one network and subnet to another, for starters.
But UoM can't figure out the kind of things I tested in shitty hospital systems in Jackson 15 years ago, in 2026. But I'm sure they passed their HIPAA "reasonable safeguards" standard audit.
Posted on 2/19/26 at 4:41 pm to alive2022
quote:
Because most people are barely surviving and are just doing the bare minimum. Because they get paid the bare minimum. And the president that said he was going to bring prices down hasn't. It's pretty simple really.
So this is why people click phishing links?
Posted on 2/19/26 at 4:49 pm to anc
Technology is great and cutting edge until is doesn’t work and now we are back to the Stone Age instantly and crippled
Posted on 2/20/26 at 9:41 am to LemmyLives
quote:
You'd prefer a nurse scribbling down EKG readings, and then typing them into their EMR system at the end of their shift 8 hours later? Maybe staple the printout to something?
that is a strawman. The issue is equipment required to perform procedures (not equipment needed to document it) do not need to be actively networked. Firmware updates can be provided other ways if necessary. Modern tech has gotten too reliant on on things like cloud management to perform physical functions that have no need to have that extra requirement. This way when these events happen, they only have to go to hand written documentation during these situations but they can still perform their duties and treat people.
Page 2 of 2
Popular
Back to top
Follow TigerDroppings for LSU Football News