Three London hospitals have had to shut down most of their computer systems after being struck by a virus.
St Bartholomew's (Barts) in the City of London, the Royal London Hospital in Whitechapel and The London Chest Hospital in Bethnal Green are all part of the same NHS trust — Barts and The London — and have all been affected.
The virus first hit on Monday afternoon, according to a spokesperson for the Trust. "The IT department put in place procedures to counter the virus, and at close of business yesterday, they believed they had contained the virus," the spokesperson told ZDNet UK on Tuesday afternoon. "When staff logged on this morning, it proved that the virus was more widespread than previously thought [and] we closed down all but the essential areas of the system." The spokesperson did not identify the virus.
The essential areas that have been left up and running include the systems for accident and emergency, intensive care and pathology. The spokesperson for Barts and The London was unable to say when the rest of the Trust's systems would be back up and running.
In a statement, the Trust stressed that "well-rehearsed emergency procedures have been activated to ensure that key clinical systems continue while network access is being established".
"We have maintained a safe environment for our patients throughout the incident," the statement read. "Manual backup systems are in use, and we are in the process of restoring the computer systems with priority being given to the most important areas for maintaining patients' services. Operating theatres and outpatients departments have remained operational throughout the incident, though some non-essential activities have been scaled back."
Patients with appointments should turn up as planned, the Trust said, although those needing transport services to or from their appointments will probably find those services disrupted by difficulties with computer systems.
"Any patients with urgent concerns about their appointment should contact the trust on 020 7943 1335, which is manned between 9am and 8pm today and tomorrow," the statement read.
Talkback
This report draws our attention to the fact that once again, the battle to protect a network from malware has proved insurmountable. We are now very aware that anti-virus applications alone cannot control this problem. Out of the 99% of enterprises with anti-virus protection, 62% still suffered a malware infection. (Yankee Group, 2005 Security Leaders and Laggards Survey)
One solution to consider to defend against such problems is a more pro-active approach, Application Control (white-listing) which provides granular, policy-based enforcement of application use to proactively secure endpoints from data leakage, malware, spyware, keyloggers, Trojans, rootkits, worms and viruses, zero-day threats and unwanted or unlicensed software.
Think about how you control this type of outbreak - by identifying the potential threats and stopping them OR just stopping them from executing in the first place.
It has been my opinion, for several years, that critical organizations should not be running a windows based system. Medical institutions, law enforcement, communications, military, etc. There is no sure way to protect them, other than unplugging the network. While true that any system can be compromised, windows is the easiest, and even with all safeguards in place it is still vulnerable. A false sense of security is a dangerous concept.
I wondered how a virus could cause such a major issue.
I discovered that W32.Mytob.@mm is a mass-mailing worm that uses it own SMTP engine to send an email to addresses that it gathers from the Windows Address Book on the compromised computer. The worm also has the ability to open a back door and spread through the network by exploiting vulnerabilities.
So the problem spreads due to known vulnerabilities.
Managing vulnerablities is multi-faceted. It is not just about patching them, but it is about identifying and managing risk in a timely and cost-effective manner.
To be effective, there are a number of phases to vulnerability management.
Phases of vulnerability management:
- Discovering assets
- Assessing vulnerabilities and misconfigurations and prioritizing risks
- Mitigating non-patchable risks
- Remediating vulnerabilities
- Reporting and monitoring
Once vulnerabilities are known, the need to prioritise them and know where they need to be deployed is paramount. If all we do is identify that we have thne but are slow to do something about it, then we leave ourselves open to potential exploitation.
Once we have resolved the vulnerability, it is essential to continously monitor for those vulnerablities, since all it takes is for a user to reinstall their system from their CD and they are back to where they started. A comprehensive monitoring and reporting system rounds out a true vulnerability system.
By looking at risk and management of vulnerabilities in this way, IT managers can begin to take control of their environments, and not be laid open to potential chaos that arises when someone takes advantage of them.