Who cares some faceless person stole information from the Queen Elizabeth Hospital?

A recent report caused the blogmaster to search BU Archives.

As far back as 2014, with the support of vested parties led by subject matter expert James Bynoe, several blogs highlighting the cybersecurity threat appeared on Barbados Underground. To list a FEW: Understand Internet Data Privacy: What should you know and expect; Website Defacement Cyber threat to the Caribbean; and Caribbean Businesses, Organizations and governments and people could be losing millions to cyber criminals and hackers and don’t know it. For those interested, do a search of the BU Archives using ‘cybersecurity’.

Last week it was reported the Queen Elizabeth Hospital (QEH) suffered a cybersecurity incident. Another way to explain it – information was stolen from QEH’s database by unknown parties. So far the official and sanitized explanation is – “the QEH was taking all necessary precautions to protect the integrity of our systems and patient privacy”. On December 14, 2022 the QEH issued a report indicating changes to its operations because of the cybersecurity incident – Temporary Changes At QEH Due To Internet Outage.

The blogmaster, from the inception of Barbados Underground in 2007, has been bemoaning the lack of financial and IT literacy in Barbados. A read of the comments section under the blogs linked, and others, supports the conclusion. Several BU commenters questioned the bona fides of James Bynoe and the priority given by BU to matters of IT security in the Barbados landscape. As the saying goes, if you don’t hear, you will feel.

So far the official statement may suggest to Barbadians that the government and officials at the QEH have the matter under control. FALSE. We have confirmation from officialdom of a breach, which means an unauthorized person or persons have access to confidential health information of Barbadians and others who have had to seek medical attention. The information stolen can be used for many purposes depending on what is stored in the QEH database. According to the website TechTarget, a primary healthcare provider database includes the following:

  • name;
  • address (anything smaller than a state);
  • dates (except years) related to an individual — birthdate, admission date, etc.;
  • phone number;
  • fax number;
  • email address;
  • National ID number;
  • medical record number;
  • health plan beneficiary number;
  • account number; credit card details (blogmaster)
  • certificate or license number;
  • vehicle identifiers, such as serial numbers, license plate numbers;
  • device identifiers and serial numbers;
  • web URL;
  • Internet Protocol (IP) address;
  • biometric IDs, such as a fingerprint or voice print;
  • full-face photographs and other photos of identifying characteristics; and
  • any other unique identifying characteristic.

It is optimistic for concerned Barbadians to expect reasonable explanations to be forthcoming from government. No doubt the ramifications of the QEH breach will be cloaked under it being a national security matter. There is a ‘casualness’ with which successive governments seem to manage confidential information of Barbadians; some have not forgotten the sharing of personal information by the Barbados Electoral Office leading into the last general election.

The blogmaster is not optimistic the rank and file Barbadian understands the importance of managing data in a protected environment, ‘far less’ our leaders. Being reactive is a curse we will have to live with, it seems.

Where there is no vision what…?

37 thoughts on “Who cares some faceless person stole information from the Queen Elizabeth Hospital?”

  1. I know Bu X’mas season is when people start acting nice to each other, but Johnny Knocks should be sanctioned in my humble opinion for chatting bare shit

    Big Tune from the Grace Thrillers

  2. Karma acts promptly these days, int got no time to waste. There has been a complaint that RoB reps commissioned the hacking of someone’s laptop last week, apparently, hackers had the same idea for a gov entity, which is a much bigger loss. Keep going after people, but be sure that someone is waiting in the wings to come after you too. You are not untouchable or invincible.

    People’s personal information, ID etc are still in cyberspace. Gov entities can’t handle consistent attacks.

  3. Perhaps “James Bynoe” should now assist the QEH for free as it is his sister that now runs the institution.
    Barbados has way too many cover-ups and conflicts of interest to work effectively in a Digital Era. We are seeing that unfold and will see a whole lot more of that soon. Sorry to say.
    “It is against that backdrop” that I will say: “Cybersecurity in Barbados lacks the credibility that it needs to have because of a plethora of charlatans that have invaded that space”. These un-masked and un-shrouded Cyber-Villains seek nothing more than to saddle clients with huge bills for one hundred plus page “reports” that were generated by a template site or a downloaded pc application.
    These wretched fakes and frauds, peddlers of snake oil and empty promises, when challenged cannot provide any deep technical insights to their clients about Cybersecurity matters, but will instead opt to speak in terms of cliches and buzz terms aimed specifically at confounding and confusing their targets.
    They come with lofty business names like “Caribbean Cybersecurity Center” and “Carisec Global Inc” just to name a few of the top “shadow boxers” knocking about the place today.
    These companies are one man shows, masquerading as full service Cybersecurity Organizations with a staff complement and brick and mortar locations to match, but are not even close.
    Their owners /managers are relentless pirates who call companies on a weekly basis trying to scare CEO’s and other top management about what is happening in Barbados as it relates to Cyber threats, and what will happen if these persons are not allowed into the respective organizations to implement their own will and desires. These activities are solely aimed at getting a foothold, extracting as much cash as possible and as quickly as possible before the unsuspecting target starts to see through the veil. By that time, if they are lucky the financial disadvantage to their company can be contained, but it is not without some fiscal pain to the specific target.
    However, if you ask some of these “C-list” actors for extensive references, success stories, or just plain old Certifications and a history of employment, that line of questioning will normally make for light work and they will hastily beat an exit!
    The QEH, NIS, and any other organization in Barbados that is serious about Cyber Defense, Cyber-Resilience or just plain old good Cybersecurity practices and policies, needs to do their research and start to speak with those persons who do not pontificate and proselytize, or seek aggrandizement and attention. Get in touch with companies that are doing something “right” as it relates to Cyber and avoid the excessive noise coming from the “Peanut Gallery”, because, as we have been shown by example, it’s “Empty vessels that make the most noise!”

    • @The Watcher

      List the agendas of the cybersecurity shops peddling for business, it does not change the passive approach of leadership in government and even private sectors.

  4. The Wicked West went to War to implement their [racist faces] New World White Colonial Odour and claimed their illegal spying was required for fighting terrorism terrorism terrorism, when it was noted they really wanted to spy on all civilians and illegally share data with septic tanks yanks using apps like Prism, against data protection laws, human rights and international law they implemented new laws to say they was now kosher and legal. The mission creep was to spy on all under the guise of drug wars, money laundering, spy watch lists for activists, extremist politics. I have been added onto IP blacklists just for commenting radical ideas about their white supremacy racism, slavery reparations etc .
    GCHQ NSA UK USA are now prejudiced and hypocritical about China and their superior IT technology and stronger economy overtaking and lapping them. They spied on BLM but turned a blind eye / took their eye off the ball against racism populism and russian help for brexit and trump.

  5. Bu seems to be operating an algorithmic blockage for quality control, where the Blogmeister performs a coin toss review to determine what can pass through. Where can it can be when I get rid of this misery, but this here action will cause a reaction, when this man is saying that man can’t pass.

  6. @ David on December 18, 2022 at 10:47 AM

    Well, you probably know just as well as I do, that when we Barbadians (both born and naturalized) have to spend money on something, especially when that thing is not tangible and we can’t see the immediate returns, we get real cheap!
    Correct me if I am wrong here ( and you seem to be plugged in more deeply on the political front than I ever will be), but government seems not to do a whole lot of anything unless there is some political capital to be gained from it.
    The private sector on the other hand, does not seem to do much of anything unless some form of profit can be realized from it.
    Cybersecurity as a practice, unless it’s being peddled by some firm whose specialty it is, won’t result in many political check boxes, or high profits respectively, so its implementation will wane until it just goes away or so we hope.
    So the “passive approach” that you have identified is just us being who we are. We will have a national call to action when EZPay or the Treasury or Finance or the Central Bank or even SWIFT gets the juice squeezed out of it and we can no longer drink from the cup of procrastination.
    As for the Private Sector, well, they will shape up when they are frozen stiff out of their databases and communication links for two or so weeks and the business is now on the verge of collapse. Alternatively, if I know them well enough, they will pay the ransom and expect us to pay their increased price model as a result of their poor decisions.
    It’s coming though, that Cyber event that will cripple many of our systems is coming if we don’t get serious enough about this hi matter so just hang on and wait for it.

    • @The Watcher

      Your summation of the matter at hand cannot be faulted too much. It boggles the mind why we are not having the self labeled advocates coming out of the woodwork with the same zeal to compare with the IDB Survey matter for example. It is a serious matter the ease databases of public and private sectors are being penetrated in Barbados.

  7. USA and UK spend billions on spy budgets and hundreds of billions up to one trillion which is one million million on national security budgets which is taking the piss. It is a scam man.

  8. I have an opinion that is similar to The Watcher.
    Sometimes, I wonder what safety measures are in place?
    Is our IT keeping abreast of developments in their field?
    How is the system accessed?

    A word to the wise
    I worked at a large international pharmaceutical company (32,000 employees) which had the following protective measures in place
    (1) Employees could not download any app or exe files from the internet.

    (2) Necessary apps were stored in “software center” on the company system and it was from there we were able to copy required apps to our computers

    (3) We could not save files from our computer to a flash drive or any external device

    (4) We used our userid and password for initial logon to the company computer, but to go access company information we would then have to log-on to the company site and as part of the process entered a number generated by a token; every person had his own ‘token’ generator and this was issued with the computer.

    (5) If there was an issue, then an IT technician would access your computer using a special system. You would have to contact IT and go through a verification process before help would be provided. They then had to request access to view your computer remotely.

    (6) New users (employees) were given a profile and access based on the tasks they were performing

    (7) Access to additional folders had to be requested from IT after request was approved by the ‘folder owners’. ‘Folder owners’ could not grant you access

    (8) This was a company with a large footprint in several countries. Though there was an IT department in some countries, I got the impression that (a) a standard process was applied when giving people access to the system and (9) all IT staff was controlled by a central site. Basically, IT was broad enough to accommodate different user groups and different sites, but it was a controlled process.

    (10) Every computer had McAfee computer antivirus.

    Short note: I started to take some computer course when studying in ST Augustine. It did not take me long to decide that the “computer God” was not worthy of worship. Have your own measuring stick. Don’t believe the hype.

  9. @ TheOGazerts on December 18, 2022 at 7:17 PM:

    So what you have outlined here is just Good IT, Security and Operational Policy in effect.
    Nothing rocket science in it. I bet that almost everyone followed it without as much as a challenge to its existence.
    You know what I suspect also, your pay was closely tied to making sure that these mandates were followed else you would be out of a job. I bet that much!
    So what you have written here we can achieve quite easily. We just have to want to understand that value that it brings and then have that desire to be successful.
    Perhaps you can summarize it and submit it to the Nation or Barbados Today as a Cybersecurity piece. I see that those publications tend to print trash from the Peanut Gallery that has no real value, so maybe they will do an about turn and print yours which to my mind has a ton more value

    • @The Watcher

      What was outlined is good security policies by any company but is that all that is required to defend against external attacks from hackers?

  10. “or even SWIFT gets the juice squeezed out of it”

    SWIFT is a global messaging system between banks
    it does not perform payments or settlements etc just instructions between banks
    hacking SWIFT would not be a big deal

  11. hacking SWIFT would not be a big deal..
    .. banks have their own systems for downstream processing of incoming messages and creation of outgoing messages, security lies within the banks’ systems

  12. Can’t even see any real posters these days. Hope Pacha, William, TLSN, Terence etc are paying RAPT attention. Real drama and action playing out everywhere, of the big leagues variety. So much happening ya gotta keep ya head on a swivel and make sure none of it sticks to ya…lawd…what a chain of events.

    Staying in my little corner bosie, don’t want the world class big players steam rolling over tiny me. Who would have thought.

  13. I am not IT. Was just commenting on what IT did at my company.

    There was a Barbadian (IT) guy who was born in England of Bajan parents and foolish me got in a conversation of who is a “real Bajan” and who is not. I realized my ignorance and apologized, but that is why I am so sensitive about comments directed towards us in the Diaspora… We remain real. We are real

    • The comment was not directed at you, it is about identifying government’s lack of a robust cybersecurity strategy/policy.

  14. “What was outlined is good security policies by any company but is that all that is required to defend against external attacks from hackers?”

    I tried to emphasize how IT was centralized, proactive and was limiting access to the computer system. It would be sensible to believe that other methods were employed.

    A word to the wise
    Along with this hack, we recently had someone removing data storage media from BWA premises. So besides electronic defense there must be steps to ensure that storage devices with confidential information are protected; to monitor access to the building and what is taken in and out of the building.

    Given the easy availability of sensitive information, I am doubtful of the steps employed to protect these data.

  15. Once again I see an attempt to assign weights to various contributors. Whilst I admire the intelligence and contribution of some here we must all remember this . “There are no Gods; the Gods are all dead”.

    One of the reasons Barbados finds itself in trouble is that there is too much hero worship. Two men may say the same thing, but the quality of the statement is judged by who says it. If we embrace the fact that a sensible man can talk nonsense and an idiot may speak with a nugget of sense, then we may be able to discern when our experts are giving us less than stellar advice.

    Please use your rankings but do not disparage the comments/contribution of others.

  16. “AOP: I consider myself as making real comments.”

    One of the very few.

    It’s instructive that those who spent years stalking and harassing commenters have had the blog to themselves for months and don’t know what to do with it, as some of us knew would happen. That is after they spent years showing massa what good divisive slaves they are and enabling massa to proceed with panache.

    I don’t mind them loving their massa mind you, cause i unbiasedly find some of massa’s intellectual prowess and intrigues quite attractive from a certain point of view..but one should love self first. Either way it’s too late for the good slaves to recover lost ground anyway. They blew their load on the petty and silly..

    Watch as things unfold.

    Anyone knows how the “Let’s Sue Massa Show” is proceeding. All types of things ah gwaan, so ah gotta axe, ya never know. Are they still chasing the Drax and cousin Charles shadow.

    I heard some billion dollar figures calling in another reparations arena that is heating up, only problem is, the figure should be trillions, billions are nothing in these times, but i staying outta dat one.

  17. “We remain real. We are real”
    “I consider myself as making real comments.”

    In order that you perceive your reality
    you must have working senses
    that means your body must function
    before you can perceive a reality
    So what runs your body?
    Is it within your perceived reality or from outside?
    Your heartbeat all the rhythms of your body, the laws that govern life are not coming from your perceived reality
    they’re coming from the total reality
    the whole universe is working through you
    and then you become alive
    and then make your perceived reality
    all those rhythms are methods of communication
    you are communicating with the whole universe
    your life is through the life of the universe
    what are the laws that make you breathe? think?
    where do these laws come from?
    must be beyond the perceived reality
    because they must be there first for us to be perceived reality
    Is the light that you see in front of you produced by the sun or by you?
    The sun is radiating energy
    energy your brain converts into light
    so you are producing the light
    so if you want to see your inner light it is in front of you
    you are producing this perceived reality that is produced in your brain
    all the senses are created in the brain
    you can only perceive 5% of the whole
    how can you assume you are translating the whole reality out there?
    that’s why we call it perceived reality
    If I make my reality I am like a projector
    after you produced it in your brain
    you have to project it outside
    because this reality
    if it not projected
    you don’t feel it as your environment
    so the senses do not only keep information
    it is not a one-way street
    all your senses work both ways
    active in reception
    active in projection
    in projection of your reality outside
    and then you think it is outside
    it’s like a projector, during the movie, you are living the film out there
    but in reality the film is in the projector
    so the projector is your brain, the film is in it and you projected outside
    the act of projection and the act of producing light and all that
    takes energy
    a projector if you keep running it will heat up
    same thing with you
    because it is a left brain operation, your reality is made up, through the activation of the senses, then what happens is it overheats if you use it too much so you have to sleep, whenever it gets too stressful you daydream and activate the other part of the brain and it is relaxing
    if a person has too many problems they just daydream
    the more you concentrate the more you stress
    If I am producing my reality and I have a projector I’m producing my reality
    I can control it and I can play with this reality I am producing
    but it doesn’t work that way
    Imagine there are 100 projectors out there producing the film
    Whatever I do one will not even be seen out there
    Even if I close it off completely the film is still going on
    it’s like if I have one instrument with one string and I hit the string and I can stop it the sound goes away
    but now if I have a musical instrument and I hit my string and then stop it the sound will not stop.. resonance
    the reality through resonance becomes solid
    resonance is a form of interference and becomes solid through resonance
    we are parts of forming it, but we are not the total forms of it,
    so at the end it becomes our reality
    so this is our perceived reality

  18. Root cause of all of these issues is poor IT governance.
    I gave a statement to the police (at CID headquarters) a few years ago as part of an investigation. The officer was using a Windows 98 desktop, it was not networked and everything was saved on the local HDD. A few months later I learned that there was no record of my statement and to expect a call from the same officer to give my statement again. Never got the call and later heard through the rumor mill that the officer and supervisor were both suspected of corruption.
    Owen and the squandermania years should have focused on IT governance not just Edutech. The result is a country continuously behind the 8 ball in a perpetual state of catch up

  19. This is what some are supporting and pretending they don’t know. You should see the predator trash all dressed up in lipstick. The predator pedophile scum they are letting loose on children worldwide.

    “Aussie Trans Sex Offender Jailed After Sting Operation

    A transgender Australian has been jailed for five and a half years after attempting to solicit sex with a nine-year-old girl and her mother while already on bail for sending explicit messages to underage girls – who turned out to be child exploitation detectives.

    Tiane Miller, born a man, reportedly asked the woman she was chatting to online if her daughter wanted to “be in the room and get naked too,” before being arrested by cops at an arranged meeting point in possession of children’s lingerie.

    Miller had been bailed for having sent a series of lewd messages – including images of the suspect’s penis – over three weeks to who the individual believed were 14-year-old girls before cops pounced on the individual’s home.”

  20. African Online Publishing Copyright (c) 2022. All Rights Reserved. on December 19, 2022 at 10:31 AM said:

    “AOP: I consider myself as making real comments.”

    One of the very few.

    It’s instructive that those who spent years stalking and harassing commenters have had the blog to themselves for months and don’t know what to do with it, as some of us knew would happen. That is after they spent years showing massa what good divisive slaves they are and enabling massa to proceed with panache.


    The pot calling the kettle black.


    You got the blog all fuh yuh self and still can’t stop criticizing and HARASSING other bloggers and coming with yuh samey, samey comments EVERYDAY.

  21. Cuddear…some anonymous feelings got hurt. Give it a couple months, say about 6 or a little more, it will get much, much worse.

    Karma is so competent.

  22. Nonsense! Is ONE transgender paedophile representative of the whole bunch?

    If one heterosexual person who is not transgender is a paedophile, does that make all of us paedophiles??????

    This is the level of idiotic thinking that got me tired and needing a break in the first place!

    A departure from logic meant only to allow the “thinker” to remain in his or her comfort zone.

    Some of us, myself included, don’t mind being uncomfortable.

    Truth be told, I would love life to be that simple, two sexes, two genders, each loving the other sex, just one neat package.

    But the reality is that life and people are messy! And I have NO RIGHT to tell another person what gender they are or to whom they must be sexually drawn.

    It has no bearing on my life. A person has been given, even according to the Christian book, the right to determine how he or she lives life.

    Again, according to the Christian book, God is quite capable of judging and determining their final fate. No help from humans is necessary.

    I support the right of people to live their lives in the manner that suits them, as long as it takes no rights away from me.

    As far as I know, I have the right to remain a female heterosexual.

    As far as I know, there is no plan afoot to deprive me of that right.

    Nosey old farts need to mind their business!

    • This is in today’s Barbados Today.

      Expert says tough Cybersecurity Laws needed
      Article by Randy Bennett, published on December 21, 2022


      A top international cybersecurity expert says security systems in Barbados and the rest of the region are about five years behind where they need to be.

      And while he stopped short of giving them a failing grade, Ricardo Martinez, chief revenue officer of the Florida-based DigitalEra Group that has been working within the region for the past 20 years, said those systems were well below international standards.

      His comments come in the wake of a cyberattack at the Queen Elizabeth Hospital (QEH), just over a week ago, which crippled operations at the island’s sole public hospital.

      As a result of the cyber incident, some surgeries and appointments were postponed and the hospital’s pharmacy was temporarily closed, while other services were also impacted.

      In an exclusive interview with Barbados TODAY, Martinez said an occurrence like that in the United States would have resulted in regulators imposing substantial fines.

      “That hack that occurred to this hospital, had that happened in the US they would be violating HIPAA [Health Insurance Portability and Accountability Act] compliance. There’d be multiple lawsuits and there would be fines from the regulators – hefty fines, probably in the millions of dollars – because of the systems that were hacked and the personal identifiable information of patients that was lost,” said the senior executive at DigitalEra Group, a specialised solutions provider offering cybersecurity consulting, strategies and services.

      Martinez, who has over 18 years’ experience in the cybersecurity field and has worked with American global computer security software company McAfee Corp., said the standards of security systems in the region were simply not up to par.

      “I think that there is much more awareness from organisations, they just haven’t implemented them and they haven’t really adopted good security practices. If I was to give them a grade I wouldn’t fail them, but they wouldn’t be passing, they’d be in the D to C- level just because they do have the technology.

      “A lot of them are leveraging legacy technology, which is unfortunate, and I think that’s part of the problem, obviously, with separate islands throughout the region, and there are not very good security practitioners in the region. A lot of the times when you go into technology you go into IT, you’re now focusing on the cloud, but there aren’t that many cybersecurity experts in the different countries to help support the number of businesses that need this type of service,” he said.

      “So, I think the maturity is not where it should be. They [the region] are usually about two to three years behind, but right now I’d say they’re probably about five years behind advanced security programmes like in the US.”

      Martinez suggested that tougher legislation governing cybersecurity be introduced in Barbados and the region.

      He suggested that laws that make it mandatory for cyberattacks to be reported would encourage businesses to beef up their security systems.

      “I think it does help the awareness and also up-levels cybersecurity. So now that you have to disclose it, you’d be more inclined to protect your systems rather than have to announce to the world that you have been hacked,” the cybersecurity expert said.

      “So, I think just by having that mandate will have organisations rethinking their strategy on cybersecurity and making sure that they are implementing the right tools and processes to avoid them being exposed.”


    • Cybersecurity Incident (Dec 2022) Updates
      December 16, 2022

      As we continue to work on restoring affected services we will be posting all updates regarding the cybersecurity incident on this page; arranged chronologically.
      Latest Update
      December 19th, 2022

      On Friday December 16, 2022, we promised an update on our efforts to restore full operations to the Hospital. We are pleased to report that MIST has informed that we are positioned to restore operation to four priority departments by Wednesday December 21, 2022. This will alleviate the pressure placed on our Medical Services, and Accident & Emergency Department. We are equally pleased to report that salaries promised by December 22, 2022, have started to be paid. Thanks to the support of MIST, our IT department and private experts, we have made progress despite the circumstances. We thank the public for its continued patience and understanding. Further updates will be provided.


      Source: QEH

    • Here is a recent statement from QEH regarding the cyber breach which says little to the public about the seriousness of the breach.

      Normal QEH operations phasing in from January

      The Queen Elizabeth Hospital (QEH) should be commencing the phasing-in of normal operations from next week following a cybersecurity attack two weeks ago.
      In a press release yesterday signed by chief operations officer Dr Christine Greenidge, she said cybercleaning had begun.
      “We are pleased to report that our IT (information technology) team, working with private and international experts, continue to work on containing the problem and doing full system assessments. To date, cleaning of the hospital’s computer systems has also begun.
      “The return to regular Internet-based activity will occur in a phased approach across the hospital and is expected to commence during the first week in January,” she said.
      In the meantime, Greenidge said they remained committed to operating manually despite the challenges. She said the hospital’s departments and wards remained open, though there were some changes.
      QEH Pharmacy – It remains open from 8:30 a.m. until 4:30 p.m. Monday through Friday and until 2 p.m. on weekends and public holidays. The Medication Delivery Service remains suspended. Individuals are invited to either contact the pharmacy for advice via PBX 436-6450, visit with boxes/ bottles due for repeats or visit to collect prescriptions and receive advice. When visiting the pharmacy, people are asked to walk with their Barbados ID card.
      Outpatients clinic – This too remains open to the public but there may be delays and changes to visits given the current situation.
      Medical Records (appointments) – The cybersecurity incident has prevented the department from issuing appointment dates at this time. People are urged to still present with their paperwork, referral or appointment slip to have the need for a clinic date logged.
      Accident & Emergency Department remains open.
      The attack occurred on December 13 causing an extensive disruption and suspension of all Internet-dependent services at the hospital. Executive chairman Juliette Bynoe-Sutherland said swift measures had been taken to protect confidential patient information. (PR/CA)

      Source: Nation
