Re: Terrifying - NHS IT bods leave ports 445 and 139 open to the internet on firewalls?
Thing is, it could have just been 1 firewall at 1 pharmacy in the arse end of nowhere, connected to the 'net via the dial-up modem they received in 1998. No firewall. No decent security setup. No ports blocked and no updates because they take all week to download. Then you VPN into N3 and suddenly it spreads to the whole system, because you're inside.
I have literally seen exactly this setup in the NHS when I worked for them about 5 years back, so it's not far-fetched. Many of the trusts themselves have very good external security, but are helpless if someone can gain access from inside; it's still run on fortress-style security principles rather than compartmentalized.