Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Security IT Technology

Patients of a Vermont Hospital Are Left 'in the Dark' After a Cyberattack (nytimes.com) 112

A wave of damaging attacks on hospitals upended the lives of patients with cancer and other ailments. From a report: At lunchtime on Oct. 28, Colleen Cargill was in the cancer center at the University of Vermont Medical Center, preparing patients for their chemotherapy infusions. A new patient will sometimes be teary and frightened, but the nurses try to make it welcoming, offering trail mix and a warm blanket, a seat with a view of a garden. Then they work with extreme precision: checking platelet and white blood cell counts, measuring each dosage to a milligram per square foot of body area, before settling the person into a port and hooking them up to an IV. That day, though, Ms. Cargill did a double-take: When she tried to log in to her work station, it booted her out. Then it happened again. She turned to the system of pneumatic tubes used to transport lab work. What she saw there was a red caution symbol, a circle with a cross. She walked to the backup computer. It was down, too.

"I wasn't panicky," she said, "and then I noticed my cordless phone didn't work." That was, she said, the beginning of the worst 10 days of her career. Cyberattacks on America's health systems have become their own kind of pandemic over the past year as Russian cybercriminals have shut down clinical trials and treatment studies for the coronavirus vaccine and cut off hospitals' access to patient records, demanding multimillion-dollar ransoms for their return. Complicating the response, President Trump last week fired Christopher Krebs, the director of CISA, the cybersecurity agency responsible for defending critical systems, including hospitals and elections, against cyberattacks, after Mr. Krebs disputed Mr. Trump's baseless claims of voter fraud. The attacks have largely unfolded in private, as hospitals scramble to restore their systems -- or to quietly pay the ransom -- without releasing information that could compromise an F.B.I. investigation. [...] The latest wave of attacks, which hit about a dozen hospitals in the United States, was believed to have been conducted by a particularly powerful group of Russian-speaking hackers that deployed ransomware via TrickBot, a vast network of infected computers used for cyberattacks, according to security researchers who are tracking the attacks.

This discussion has been archived. No new comments can be posted.

Patients of a Vermont Hospital Are Left 'in the Dark' After a Cyberattack

Comments Filter:
  • Fact: (Score:5, Interesting)

    by LenKagetsu ( 6196102 ) on Friday November 27, 2020 @04:11AM (#60769848)

    Any malicious action that shuts down a hospital should be investigated as terrorism, attempted murder, and murder if a death occurs.

    But but but that's manslau-

    There is no such thing as an accidental attack on a hospital, same way there's no such thing as an accident with a gun.

    • Re:Fact: (Score:5, Interesting)

      by greenfruitsalad ( 2008354 ) on Friday November 27, 2020 @04:33AM (#60769880)

      We've had the means and the know-how to avoid this for at least 15-20 years. Instant daily/hourly diff snapshots replicated (via pulling) to remote machines. Run as much as you can on a server accessed via web browser. If windows software is required, it should be storing data only on NASes (that do the snapshots) and the actual windows installation should be cloned from an image daily (or on demand). I understand this is oversimplified but it is the general gist of it.

      • Re:Fact: (Score:5, Insightful)

        by AmiMoJo ( 196126 ) on Friday November 27, 2020 @05:08AM (#60769920) Homepage Journal

        Problem is there is no economic incentive to do that. It costs money and has no ROI most of the time. When a hack does happen the hospital is the victim and won't be liable because they were taking the same precautions as everyone else, industry standard practice.

        • Re:Fact: (Score:5, Insightful)

          by LostMyAccount ( 5587552 ) on Friday November 27, 2020 @07:08AM (#60770096)

          They never spend enough even when they appear to have an incentive.

          I worked with a client who implemented the parent posters' concept using well-known enterprise data protection systems *after* they had their own cryptolocker infection. Hourly(?) incremental backups replicated off site and then stored in storage vault, which only does incremental pulls.

          Since they run production from leased racks, they used their on-site data center as the offsite replication location. It was a fucking joke, two obsolete air conditioners which were both broken, a whole-room hardwired UPS, also broken, and none of it they planned to fix. It just baffled me they went 75% of the way to ensuring their uptime and then stopped because the rest was too expensive.

        • Re: Fact: (Score:4, Insightful)

          by Ogive17 ( 691899 ) on Friday November 27, 2020 @08:21AM (#60770186)
          Maybe they do have proper backups. My company got hit back in June and it took about 3 weeks to get everything restored. It wasn't just flipping a switch to replace the data, all drives must be rebuilt and all devices must be cleared before restoration.
          • Sounds like to me that you never checked your restore procedure, it is no good backing up data/programs if you do not have a proper procedure to restore your systems. Three weeks seems long to me unless you are scattered around the globe.
            • by jythie ( 914043 )
              It is not always practical to completely test a restore procedure, even if you can afford to have a complete mirror system to test it on. You can test pieces, and samples, but there are often hickups when you need to restore an entire live system that connects to other live systems. There is also the problem that testing a restore process has a chance of damaging or contaminating a live system, which has to be weighed as a potential cost too.
            • by Ogive17 ( 691899 )
              It was global and the 3 weeks was to get to a point where everything was functioning again. Key systems were brought up within a couple days. It was the network drives with shared documents that took the longest to restore.
          • Three weeks? Good God. Back in 2016 one of our remote sites got hit with ransomware and it took me all of 15 minutes to restore ~30,000 VM server files from a backup host that's mostly off-net. And this is a retail company that largely underspends on technology here...

            • by Ogive17 ( 691899 )
              So did you have to restore thousands of computers globally controlling production lines?

              And how do you restore files to a server/computer without first making sure to contain the spread of the ransomware?

              It takes more than 15 minutes to re-image a single computer.
        • ROI isnâ(TM)t the driver for change in this instance. Hospitals will be forced to modernize as part of their license to operate pretty soon. Underinvested IT services and skillsets will be forced out of the hospital setting. I suspect much of the funding will also come from Federal Government.

        • Charge the senior management at the hospital with negligent homicide. I bet that would align incentives.
      • Re:Fact: (Score:4, Insightful)

        by Luckyo ( 1726890 ) on Friday November 27, 2020 @07:20AM (#60770110)

        Consider for example resource costs on the system for your suggestion. Now add to this the complexity of security requirements on relevant data. Now add to this the training for medical personnel. Now add to this the downtime caused by added complexity.

        And now consider that these places need to work 24/7/365. And you arrive at the current conundrum. The costs associated with doing what you suggest become utterly astronomical. Which is the costs that will have to be run from the same budget that is used to hire doctors and nurses, get actual medical hardware, medicines and so on. And health costs are already rapidly outpacing ability to pay in single payer systems due to combination of rapidly ageing population and medical advances that extend life during the period of extreme degradation of human body.

    • by gtall ( 79522 )

      Fat chance Putin's Poodle will authorize any significant retribution for these attacks.

    • Re:Fact: (Score:5, Insightful)

      by r2kordmaa ( 1163933 ) on Friday November 27, 2020 @05:26AM (#60769938)
      Hackers will not give a flying f what you investigate it as, the entire root of the problem is that you are really not capable of catching anyone but completely incompetent script kiddies that also happen to live in the same jurisdiction the hack happened in. This is not really a problem you can solve from law enforcement end of things, the only way to prevent such hacks is to invest in equipment that is not wide open to anyone that wants to screw with it.
      • Re:Fact: (Score:5, Interesting)

        by Luckyo ( 1726890 ) on Friday November 27, 2020 @07:29AM (#60770126)

        The problem is furthered by the fact that most such criminals reside in countries where such attack may not even be prosecutable for wide variety of reasons.

        A good example here would be Russia, where after a while, Russian authorities figured out that they could use FBI's request for assistance as a recruitment tool for the state's cybersecurity apparatus. To be fair, that's what US did for a long time internally, so it's not like they're original in this regard.

        • Indeed, but using weapons of mass unaccountability means that Russia is setting themselves up for tit-for-tat. All it takes is a group less moral than them.

          • Agreed. It's also likely that the Russian people will become tired of being associated with this sort of Kremlin-driven activity.
            • Re:Fact: (Score:4, Interesting)

              by Luckyo ( 1726890 ) on Friday November 27, 2020 @10:56AM (#60770428)

              That's one way to put it. Putin's party got voted out in the second string of towns going down the Trans-Siberian railway in favour of LDPR. That's the opposition party that campaigns on the platform of current government and president being far too soft on the West.

              Russians are hard people, used to being attacked from all sides. And used to the fact that if they give an inch, they get invaded yet again. There's a reason why they're pretty much the most invaded nation on the planet. The geography is a thing of nightmares from security perspective. Remember that the origin on of the world "slave" in English comes from slavic peoples. Primarily Russians at the time, as that was the time of the Golden Horde's dominance over modern Russia.

          • by Luckyo ( 1726890 )

            You seem to think that Russians are the ones who started it. Whereas in reality, the original cyberattack was committed by US against Soviet gas pipeline in Russia back in 1982, when CIA successfully planted software in turbine control equipment modules that caused the pipeline to explode with what is the biggest non-nuclear man made explosion to ever occur.

            Reagan wrote about this event in his memoirs.

            • As the saying goes, it's not who "starts it" but who finishes it, and continuing the behavior will just encourage others to finish it*.

              *Targeting industries like healthcare would be tantamount to blowing up schools. There's just some lines that shouldn't be crossed, even in war.

              • by Luckyo ( 1726890 )

                False assumption: targeted nature of the ransomware attacks. Almost all of them are not targeted, but opportunistic.

    • Re:Fact: (Score:5, Insightful)

      by Mishotaki ( 957104 ) on Friday November 27, 2020 @05:58AM (#60770000)
      yes, and the culprits should be brought to justice... so go get the hospital administrators who let their systems be vulnerable! They are the ones who didn't budget their IT department to make sure such an attack would never happen or would have minimal impact...
      • Mod parent up.

      • by Luckyo ( 1726890 )

        The actual people responsible would be tax payers for refusing to elect people who would massively increase the tax burden, so such vulnerabilities could be addressed while still being able to meet the primary functions of medical system that are already stretched to the limit of their ability in places like Canada due to ageing of population.

      • by dgatwood ( 11270 )

        yes, and the culprits should be brought to justice... so go get the hospital administrators who let their systems be vulnerable! They are the ones who didn't budget their IT department to make sure such an attack would never happen or would have minimal impact...

        Limiting the impact is to do when every operating system update to at least some systems requires the whole system to go through FDA-approval again, which takes months. Government regulation is often part of the problem, ironically. The cost of compliance greatly exceeds the cost of a complete systems loss.

        I'm not sure what the solution is, but ensuring that the cybercriminals are immediately captured or killed must be the first step, to send a message to anyone else who might think about committing such

        • I'm not sure what the solution is

          I am: Outlaw Cryptocurrency worldwide.

          That may not completely eliminate it; but it will reduce it to a millionth of what it is now.

    • Re:Fact: (Score:5, Insightful)

      by Luckyo ( 1726890 ) on Friday November 27, 2020 @07:26AM (#60770124)

      Fact: most of the time, ransomware criminals don't even know who will end up being infected. Theirs is the ultimate scattershot approach, with opportunistic infections being the primary method of getting into the systems.

      Doesn't take away from seriousness of the crime, but pretending something is different from what it is isn't going to help solving the problem. It's only going to hurt it.

      • Re:Fact: (Score:4, Interesting)

        by dgatwood ( 11270 ) on Friday November 27, 2020 @11:35AM (#60770504) Homepage Journal

        And that's why if you're pulling these crimes, you don't destroy the system until you know who it belongs to. Pull the data, and if you start seeing medical records, disable your attacks and walk away. No one ever has to know, and nobody has to die.

        If an attacker isn't willing to do that, then as far as I'm concerned, it is no different than if that person attacked the hospital deliberately. The attacker is a terrorist attempting to commit mass murder.

        • by Luckyo ( 1726890 )

          There are few people who don't make stupid conclusions in anger. And your conclusions suggest that you're utterly furious.

          Because if they actually wanted to "commit mass murder", they wouldn't want to ransom the system's encryption keys back to you. In most cases, these people literally have no idea who will be the one to install their software. It's why sums being asked are often chump change for large organisations compared to how much it would cost to do full system recovery, and why most appear to pay r

          • by dgatwood ( 11270 )

            There are few people who don't make stupid conclusions in anger. And your conclusions suggest that you're utterly furious.

            Because if they actually wanted to "commit mass murder", they wouldn't want to ransom the system's encryption keys back to you.

            Their intent actually doesn't matter in this case. If you go into a store with a loaded gun and intend to rob the place, but in the process, somebody gets shot and dies, you will be charged with murder 2, because you showed reckless disregard for human life. So from a legal perspective, what I said is correct: If the attacker does not show even a modicum of concern for human life in their attacks, they can and should legally be treated like their intent was to commit murder. That's what the law says. I

            • by Luckyo ( 1726890 )

              >somebody gets shot and dies, you will be charged with murder 2, because you showed reckless disregard for human life

              Why are you charged with murder 2 and not murder 1? Because intent matters.

              • by dgatwood ( 11270 )

                >somebody gets shot and dies, you will be charged with murder 2, because you showed reckless disregard for human life

                Why are you charged with murder 2 and not murder 1? Because intent matters.

                Second degree is the best-case scenario. In all but six states, it is murder 1. And either way, it is still murder.

                • by Luckyo ( 1726890 )

                  Notice how you didn't answer my question, because to answer it would require debunking your previous assertion.

                  • by dgatwood ( 11270 )

                    Yes, I concede that intent matters in six states out of fifty plus the District of Columbia.

                    • by Luckyo ( 1726890 )

                      In those states is it possible to get a different punishment even if accusation is under the same specific legal formulation, because even within that specific legal formulation, there is a significant range of punishment depending on factors like intent?

    • "Any malicious action that shuts down a hospital should be investigated as terrorism, attempted murder, and murder if a death occurs."

      I guess you mean the administrators who refuse to replace these Windows95 and XP computers?

    • by sjames ( 1099 )

      Specifically, it's Felony Murder [wikipedia.org].

      Felony Murder doesn't require intent to kill, just a death that happens during a Felony.

      There's a special place in hell for people who carry out ransomware attacks. It's a very special place in hell when they hit a hospital.

    • by jon3k ( 691256 )
      Wouldn't this be felony murder? Or is that a state by state thing? IANAL but I thought if someone died during the commission of a felony, they were guilty of felony murder.
      • Yes, if you're committing a felony and someone dies, everyone involved in it can be charged and convicted for murder in varying degrees, including first degree + death penalty. Crimes that cross state lines or international borders are a very different beast with sharper fangs. Firing a bullet from Canada to America will get just as much heat on your ass as firing it from Tennessee to Kentucky.

        https://en.wikipedia.org/wiki/... [wikipedia.org]

  • Block cryptocurrency exchanges from electronic banking, cryptocurrency dies and ransomware dies.

    Win win.

  • What is this a story about, chemotherapy? I hate it when people turn information into a fucking novel. Just the facts ma'am.
  • Units? (Score:2, Funny)

    by msauve ( 701917 )
    "milligram per square foot "

    They're doing it wrong.
  • Corrupt Vermont (Score:5, Informative)

    by branmac ( 6342816 ) on Friday November 27, 2020 @06:33AM (#60770048)
    Vermonter here... My wife, who is recovering from cancer, can't get treatment along with many many others while UVM attempts to fix its problem. Perhaps if they had properly protected their systems instead of continuing to make themselves bigger at our expense this wouldn't be an issue. The entire state IT infrastructure is a mess. While state agency management has grown exponentially over the years in comparison to the people who actually work the state is still saddled with obsolete systems that benefit the procurement whores who's names can be found attached to the lobbyists that haunt the halls of the statehouse. Look for background on the state's failed contract with HP to re-do the DMV system some years ago for an example of malfeasance. Al "Revolving Door" Gobeille is the VP of operations for UVM Health Network. Funny thing is he took that job just two months after leaving as chair of the Green Mountain Care Board, the regulatory body that regulates health care spending, including hospital budgets. In 2009 the entire Agency of Human Services (the largest network in the state) got shut down due to a failure to update antivirus signatures and they had to bring in outside consultants to "fix" it. If they (and UVM) had competent professionals and not bullshit artists running the show this wouldn't have happened. I'm livid at the waste of money and time. If the fucking legislators in the capital spent even a quarter of their time dealing with these types of issues as they did with legalizing weed and playing in their ideological sandbox schlubs like me wouldn't be worrying if our family members are going to be able to get the medical care they need. Currently, they can't. Don't get me started on the state's health exchange which still is a mess.
    • by Luckyo ( 1726890 )

      Sad reality is that you get what you vote for in nations where you get to elect your leaders. Most people don't really care about these things until they get experience like yours. But they might care about weed.

      And frankly, would you want to work for such an organisation if you were an IT professional who is actually competent?

    • Vermont has a low population and for a northeastern state a low population density.
      This makes finding IT workers difficult, which than causes them to outsource, which then makes it difficult for IT workers in or near Vermont to find work there. So any people with IT skills will go to New York, or Massachusetts.

      This is more than just normal IT Grunt workers, but Experienced IT Managers, who know how to deal with vendors and consultants, and propose an actual solution to the organization vs just letting some

  • by Viol8 ( 599362 ) on Friday November 27, 2020 @07:32AM (#60770136) Homepage

    ... if a patient dies, but just as important the hospital management and IT staff should be charged with death by negligence or whatever its called in the US. Its about time the complacency of operators of critical civilian computer systems we given a hard kick up the arse.

    • by dargaud ( 518470 )
      Military computer systems have to fulfill an heap of (very harsh) requirements. Why is it not the same for medical/hospital systems. I saw some X-ray machines running XP without password recently. It would be trivial to hack into those and change the dosage to the cancer-inducing maximum, even by mistake (for the hacker).
      • The military has an almost unlimited budget, and when they want more, they can just ask the feds for another handout, and they get it no questions asked.

        Hospitals, not so much. Most hospitals run on a shoe-string budget, and many barely manage to continue to scrape along. (and many don't, and close)

        There is no way hospitals can afford to protect their systems like the military does, unless the government gives them a budget to support it like they give the military. The trend, however, seems to be going

  • by c-A-d ( 77980 ) on Friday November 27, 2020 @07:50AM (#60770154)

    why do these systems even need internet access ?

    • by nagora ( 177841 )

      why do these systems even need internet access ?

      A lot of them don't, but they need access to some other system in the same network. Pull on the thread long enough and you'll find some place on the system that does need Internet access. That's the entry point.

    • "I wasn't panicky," she said, "and then I noticed my cordless phone didn't work."

      Sounds like they were knee-deep in it if the cordless phone didn't work.

      • When you see "cordless phone" in this kind of story, you have to understand that it's usually not "cell phone." It's literally a cordless phone connected to a base station then a PBX for internal communication and through that to POTS. Most of those systems are digital. If connected to the intranet or internet, it's vulnerable and probably not as well protected as the hospital's servers.

    • Most of the individual computers don't. But they need to be connected to a central EMR (electronic medical records) database system, and HIPAA requires that system to have Internet access. HIPAA requires EMR systems be able to transmit patient records over the Internet. So if for example you moved and visited a new doctor, your old patient records could be transmitted electronically to your new doctor. (There's a provision that lets you send records via fax, but it's rarely used.)

      Most of the tenants in
      • I use Kaiser. They've had mainframe-based patient records for decades. Windows interfaces on that have been more common in recent (maybe 10) years. And they do have fairly strict protocols; doctors never leave a screen open longer than needed to look up and/or enter data. My doctor only needs to hit one key or mouse click to blank the screen after which a new login is required, and it'll time out in only a few minutes anyway (sometimes requiring re-login during an office visit). Not sure how well they're is

  • Why? Really, why? (Score:4, Insightful)

    by misnohmer ( 1636461 ) on Friday November 27, 2020 @07:54AM (#60770158)

    Can anyone explain to me why these systems which control chemo-therapy were not isolated from the internet or random USB drives (whatever was the attack vector was)? Even if the system needs to transfer data from another location, is it really that difficult to isolate them? Heck, send the patient files via serial port between an internet gateway and the internal system, using a very strict protocol, so worst case the internet gateway is corrupted and no new files can be transferred until the gateway is restored, but the internal network remains untouched. Do some basic threat modeling of the system and draw some clear trust boundaries, internal network should be separate from anything accessible from the internet, and any data transfers across that trust boundary should be scrutinized, secured and authenticated - no "oh, just send a query to the database on the internet" bullshit. How many ransomware attacks will it take for the designers of these systems to take security seriously? Stop connecting everything to the internet because it's easy.

    • by Stonefish ( 210962 ) on Friday November 27, 2020 @08:05AM (#60770170)

      I heard numbnut comments like this all the time. The answer is simple, systems are more valuable and useful when they are networked.
      Limiting their ability to network detracts from their value. For instance a networks chemo-regulator can check if the dose of medicine is correct and that the patient is not allergic to the medicine and also that he's the right patient.
      Schmucks who think that isolated networks add value are morons.

      • Re:Why? Really, why? (Score:4, Interesting)

        by misnohmer ( 1636461 ) on Friday November 27, 2020 @08:55AM (#60770232)

        And getting hacked does not detract from their value? Putting a lock on a home front door also detracts from usability value, but nobody will argue it that locks make the home less valuable.

        Your answer sounds like one of those managers who thinks they know everything and assign absolutely zero value to cybersecurity because it's something they cannot themselves see or understand (Oh look! We enforce "strong" passwords for all staff who logs in, we are unhackable!), and assume that customers don't get it either (which sadly often they don't, until a breach hits them financially).

        Properly securing a network does not need to limit its functionality. All the information such networks need can be clearly identified and their transmission secured (and the information itself, such as allergy information can and should be also be authenticated). Sure, it takes more effort to do this than just issue an SQL query to a database with a password which never changes (so you can hardcode it in your scripts) or no password at all (even easier, less problems getting it to work), but that is the cost of security.

        Let's see how valuable those networks are they after you subtract the costs of cyber attacks. Economics will show us who is right. Or, if governments of the world mandate hacking/ransom insurance, the insurance companies will calculate precisely what the cost of not securing your network is.

      • Or perhaps have been members of organizations under active, persistent attack by nation states. Isolating from the Internet, and having only low-bandwidth, passive data connections (like Kermit or CD sneakernet -- nothing USB, think about it) is inconvenient for sure, but certainly doable

      • by 1s44c ( 552956 )

        That's just crazy talk. A nurse workstation in a chemo ward doesn't need internet access. It doesn't need to talk to other workstations. It doesn't need very many things each of which is a small security risk. All it needs is to be able to read patent records for the day's patents and access to essential patent related systems such as medication inventory management and a scheduling interface.

        You can allow unlimited internet access from machines you manage, but leave healthcare alone. You would just get peo

      • In the Department of Defense, we have "isolated" networks for classified work. I put isolated in quotes because, while not connected to the internet, they are fairly vast networks useful in their own right. They actually physically run over the regular internet but are essentially one huge VPN that is not addressable from the regular internet and are heavily encrypted. And you can't just plug something into a connected computer - there are physical and logical barriers after Bradley Manning. Knowing what
      • How's the value of that non-isolated system now?
    • Most of the software in hospitals is running in some kind of client-server setup. The application on the workstation communicates with the application server, which probably communicates with a database server, interface server, and possibly a web server. Some of those servers may be combined depending on load and how granular your virtualization is or just how the vendor licenses things. There will also be similar servers for the test system (usually more consolidated). All those servers are generally fire

      • "Server" does not mean it has to be on the live internet reachable by anyone in the world. Servers can physically reside in the hospital IT room isolated from the internet, or they can live in a datacenter somewhere however they should only be accessible from a private network, to which the hospital network is VPN'ed into. Neither the hospital network, nor the servers, should have any internet access (only the VPN tunneling servers between the sites). Furthermore, you can design server-client to not trust t

  • Why do we even have Russia or North Korea connected to the internet? Cut them off from the rest of the world already, they provide nothing of value and are nothing but leeches and criminals. A virtual blockade would be much easier to "patrol" and prevent a lot of this crap.
    • A "virtual blockade" from the outside is impossible, even for countries as isolated as North Korea. They have multiple connections through friendly countries that won't cooperate with any blockade, at best (may actively participate in avoiding it). China and Russia are far more connected. So there's always a way to get in or out. Frankly, it's unlikely that the attacks happening now are actually hosted in China/Russia/NK - they're hosted elsewhere, often in well-regarded commercial systems. The cloud works

  • Comment removed based on user account deletion
  • to many 3rd party vendors need remote access to systems on the local network and in some cases you can't even install windows updates as the FDA may need to test each update.

  • by RitchCraft ( 6454710 ) on Friday November 27, 2020 @12:10PM (#60770570)
    then perhaps we need to pressure these countries into tracking these criminals down. If we are certain these attacks are state-sponsored then definite sanctions need to be put in place until the attacks cease. This goes for us in the US as well. I'm sure we have groups, perhaps even state-sponsored groups, that are up to no good. This needs to stop. The individuals/groups that target the health industry are of a particular kind of evil.
  • A wave of damaging attacks on hospitals upended the lives of patients with cancer and other ailments. “I have no idea what to do,” one said.

    Stop using Microsoft Windows to store your patent records.

"I'm a mean green mother from outer space" -- Audrey II, The Little Shop of Horrors

Working...