by Scoundreller 2414 days ago
As with most environments, there’s a lot of trust based in a hospital running successfully.

At least they have their own on-site security that’s experienced in taking people down.

I continue to believe the real threats are actual insiders and remote attacks.

Dunno how far someone will get with a USB key versus sending everyone a plausible email.

4 comments

In my org's environment, not very far with USB key. Email = very much yes.

We had one user who called after filling in every email address she had into a very plausible looking O365 login page. She admitted she initially distrusted the email/link that led her to this page and had replied saying so. The hackers on the other end told her to go ahead and do so. I mean, who is she to question when it's coming directly from the hospital's lawyer?

> Dunno how far someone will get with a USB key versus sending everyone a plausible email.

Insiders still can be threats. There was a machine that was deployed in a hospital for clinical imaging that some rad tech who guessed the administrator password put folding@home on without telling anyone which crippled that machine's ability to perform its function.

> some rad tech who guessed the administrator password put folding@home on without telling anyone which crippled that machine's ability to perform its function.

How incredibly bizarre to do something that dumb for no personal benefit.

F@H had value!!!

I do remember an IT admin that said he ran SETI@Home at a low priority on all machines because it would detect any problems with a machine (e.g. spyware, crashing, heat problems, etc.).

But 2002 thinking wouldn’t fly in 2019.

BTC miners occur more than F@H these days, but they happen plenty.

This incident occurred before crypto mining was a thing many knew about. He thought that since the machine was unused overnight that someone should get some benefit from it.

You plug in the USB key, then you pull out the USB key.

The physical security layer at a lot of hospitals is almost entirely absent, sadly.

What I meant was that sending everyone an email will get you further with less time/effort than actually going.

USB keys are blocked mostly these days. There are other huge vulnerabilities if you have physical access and are motivated.

From experience in plenty of industries, your statement is incorrect. Most places suck at security and blocking removable storage, but likewise suck at far more important controls (e.g. application whitelisting) for it to really mitigate much in the first place.

or you swap keyboards with a special keyboard [maybe a pineapple?], or you can swap ethernet patches around.

Given how terrible a lot of low-end Dell keyboards get after years and years, most people would cheer :)

With the main apps being virtualized, workstations are refreshed less often than they used to be.

These aren't mutually exclusive vectors of attack, they all need to be addressed.