- cross-posted to:
- news@lemmy.world
- cross-posted to:
- news@lemmy.world
If a hospital can’t operate because some asshole was able to remotely hack it bad enough to basically shut it down, we might need to rethink how things are run.
Happened in Germany recently. They could continue to operate since everything is still backed up in paper, but everything went slower and new emergency patients couldn’t be accepted.
It is shocking that the digital level of the hospitals is still in the 70s.
It is about funding. The corners IT has to cut is because lack of money.
Also the amount of legacy operating system to keep hardware like scanners running is a lot. Medical devices are delivered with a workstation that never updates. It is hard to justify buying a new mri of 1.5 million when the accompanied workstation is outdated.
Sure you can vlan and firewall the hell out of it. But they still have a large attack surface.
The whole health care sector is capitalism and it should be government lead.
This keeps happening and has been happening for several years now; why isn’t more being done to improve security and find the criminals? I can’t walk into a hospital with so much as a pocket knife because of physical security concerns, but cybercriminals keep taking down a new system seemingly every week, and this article says the software used has been seen for years now.
Fixing the issue doesn’t line the pockets of investors. People aren’t going to stop going to the hospital, so why fix it?
The FBI et al. do try to find the guys. Arrests happen relatively frequently.
But security improvements don’t happen because they cost money, and nobody is making them do it, though this is slowly changing.
When permitting security failures costs more than preventing, then companies will do something.
Can I sue a company for inadequate data protections if my data is breached? I assume I would have to prove damages, and maybe that becomes harder if I can’t tie the victimization to a specific breach. And probably the terms of service make it harder, like I might have to use arbitration and can’t join a class action suit.