Dry the tears: WannaCry stymied, North Korea hackers suspect. Is this a poke for a worse attack?

May 16, 2017 | by | 1 Comment

Breaking News This morning’s (Tuesday 16 May) news is about reputable security organizations–Kaspersky Lab and Symantec–connecting the dots that lead for now to a North Korea-linked hacking organization, the Lazarus Group. This group has been identified in previous hack attacks and is based upon WannaCry code appearing in Lazarus programs. US Homeland Security has admitted seeing the same similarities, but all are working to gain more information.

Lazarus has been previously identified as the source of the 2014 Sony attack and the theft of $81 million from the Bangladesh central bank, again linked to fundraising for North Korea for its missiles, army, EMP and nuclear arming while its terrorized people starve. However, this attack was a flop; according to US Homeland Security, about $70,000 was raised in ransom. The Homeland Security spokesman also distanced the NSA from the original information which targeted weaknesses in Microsoft’s systems.

According to reports, WannaCry disproportionately affected Russia, Taiwan, Ukraine and India, according to Czech security firm Avast. No US Federal government systems were affected. China on Monday reported that it attacked traffic police and school systems.

The Telegraph has posted a speculative list of 34 NHS organizations which suffered IT failure during the WannaCry attack. The article includes a map produced by MalwareTech that geographically spots the infection locations; the Boston to Washington corridor is a sea of blue dots. And…Marcus Hutchins has been identified as the young UK tech working for Kryptos Logic who redirected the attacks by buying a domain embedded in the WannaCry code. How it worked, according to PC World, is that if the malware can’t connect to the unregistered domain, it infects the system. By registering the domain and creating a page for the malware to connect to, he stopped the malware spread. (Video in Telegraph article)  Also FoxNews

But is this a prelude to more and worse? Is this testing our preparedness? If so, we’ve been found wanting on an enterprise level with vulnerable systems and administrators not updating their software and OS. George Avetisov, the CEO of HYPR, a biometric authentication company, in The Hill, summarized it neatly today: “We’ve also learned the hard way that, simply through a coordinated phishing attack on unsuspecting users, hackers can disrupt the day-to-day activities of enterprises that provide communications, travel, freight and healthcare administration simply by remotely deploying malware.” He then goes on to praise President Trump’s executive order (EO), “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure,” which he signed on Thursday–right before all this began. As if in confirmation…ShadowBrokers, the group that hacked the NSA files, today announced the availability of a subscription to a ‘members only data dump’ like a Wine of the Month Club. Watch out, banks and healthcare, it’s open season! NHS, better pay attention to another kind of hygiene–cyberhygiene. Without it, plans for patient apps and data sharing will go sideways–and deserved fodder for Dame Fiona [TTA 10 May]. The Hill  Earlier coverage here

Ten years on from the WSD: is the future brighter for telehealth? Can wind farms help?

January 4, 2016 | by

As Prof Mike Short pointed out recently, 2016 is the tenth anniversary of the start of the Whole System Demonstrator (WSD) programme that in retrospect, because of poor trial design, probably slowed the uptake of digital health in the UK more than any other single action. It seems appropriate therefore to look at how telehealth* has fared over that period, and perhaps even more importantly, is poised for the next ten years.

The mistakes of the WSD are well documented (eg here, here & here) – suffice it to say that it proved beyond all reasonable doubt, at least to this editor, that unlike medicine-based interventions, which seem less sensitive to their care pathway, digital health delivers most of its benefit through enabling a different, patient-centred care delivery, so every digital health intervention needs to be evaluated holistically, and in its own care pathway. Sadly over the ten years, much of the academic work looking at the benefits of telehealth has continued to evaluate the technology in the time-honoured way that medicines have been evaluated, with predictably largely equivocal results.

Those of us who have delivered telehealth projects though have a sense of disconnect as, time and again, a focused implementation – not a pilot – in which the staff delivering the service understand that it will be a permanent change for which they need radically to change the way they deliver care, yields huge returns on investments through savings typically in the 50-90% region. (more…)

Wearables and mHealth: a few observations

July 13, 2014 | by

The Telegraph reports on the creation of Amazon UK’s wearables store, following on from their US launch that we covered on April 30th. Unlike in the original US launch, locating the store is not that challenging, however it is very much a jumble of products: if you know what you want then you probably don’t need a store to find it; if you don’t, there’s precious little to guide you to find the right product.

One of the wearables they’ll doubtless think carefully before stocking is (more…)