back to article Scottish hospitals laid low by malware infection

Appointments for cancer patients had to be rescheduled after a computer virus infected the networking systems at two Scottish hospitals last week. The infection of laboratory PCs at the Stobhill and Gartnavel General hospitals meant the bookings of 12 patients attending the Beatson West of Scotland Cancer Care Centre in …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    >"it is getting through some very strong firewalls"

    Errr... no it isn't. If it's getting through them, they're not strong (but have left something trivially stupid like 445 open) and it they're strong, it's not getting through them but going round them (stop sharing pen drives, you berks!)

  2. Fred

    Why are they using Windows? FAIL!

    I've said it before, and I'll say it again - why is the NHS using public money to pay for an insecure operating system?

    The people that make these choices obviously need to contract some form of cancer themselves before they realise that it's people lives and well-being at stake, and that since the antivirus firms cannot keep up with the tide of viruses/spy-malware another tactic HAS to be used!

    They need to be using a secure platform that has been scrutinised by millions of brains driven by doing their best, rather than a mere 1000 brains driven by greed!

  3. Daniel
    Flame

    I llike to have a serious word with whatever muttonhead came up the the name 'Firewall'

    Oh yes, it suggests great raging barriers of incandesant plasma: impervious ramparts that will incinerate any 'hacker' with the temerity to approach them.

    IT managers(who usually know little about these things) like to be able to say they have 'strong firewalls' in place - perhaps imagining that this gives them the ability to send blazing pulses of righteous energy, up the wires, to fry the routers of miscreants trying to enter their systems.

    They can even be persuaded to part with substantial quantities of money, for a 'firewall' if you give it an exciting sounding name and fill, said manager's heads, with visions of teenagers in Virtual Reality headsets and waldo gloves 'hacking into' their systems.

    They'd get much less exited if you went up to them asking for a huge cheque, for a flat text file, containing a list of incoming and outgoing port-numbers, running on some crappy FreeBSD box, built from five year old components.

  4. Mike Hebel

    This is why...

    ...you don't use Windows in a mission critical environment. I'm sorry but if there's ANY chance of bringing any part of the systems of a hospital down then _ALL_ systems should be secured.

    And in my mind that means not using Windows.

  5. Anonymous Coward
    Linux

    Windows in mission critical, Oh dear not again

    Tut tut.

    Nice to know my national insurance payments are making some fat bastard in Redmond even fatter while they supply software with substandard security.

    New opensource file format coming to replace FAT32, it's called FATballmer

  6. R Poortinga
    Gates Horns

    Fire the admins!

    Any organization that does not disable autorun of removable devices through Domain Group Policies has idiots for administrators.

  7. Anonymous Coward
    Dead Vulture

    the what?

    Hasn't been the Glasgow Herald for over a decade.....

    It's now just "The Herald"

  8. Anonymous Coward
    Anonymous Coward

    Linux coment

    I know there is going to be a flood of people saying this would not happen if you didn't use windows.'

    To me that like say a car would not of gotten stolen if the car manufacture had used better locks and a security alarm, while ignoring the fact that the owner left the keys in the car and the door unlocked .

  9. Frank

    @Daniel re. Firewall

    A 'firewall' has been the standard term (for many years) for a structure that prevents the spread of fire within buildings and so protects areas of a structure from the danger that would be presented by a fire in another part of the structure.

    As such, it's a perfectly good term for those applications running on a computers that perform a logically similar function. Hint: the dangerous 'fire' is outside your computer, trying to get in.

    As others have pointed out, it doesn't matter how good your firewall is if you leave the doors wedged open and you are totally stuffed if some idiot working in the building hacks a hole in the wall because they can't be bothered to walk the long way round.

    In the real world, anyone who did that would be breaking the law and subject to criminal proceedings. In the computer world, it seems that few people even know what they are doing, let alone understand how dangerous it is.

  10. Anonymous Coward
    Anonymous Coward

    No excuse

    Windows can be used in a mission critical environment, I've seen it done to great effect.

    Can't tell you what it was, otherwise I'd have to kill you.

    But FFS, lock the hardware and the operating system down!! Stop people from uploading software to the machines, disable the USB ports so memory sticks can't be used.

    Don't connect the network to the internet! Put in some top notch firewalls, allow communication in and out of the network using SMTP only or devise some other propietry protocol to enable communiation with other hospitals.

    Disable access to the web.

    Treat the system like a military system and stop f***ng about!

    The MoD had a policy years ago of not connecting secure systems to the internet. Make it completely closed and nothing can get in. Aren't peoples lives worth the inconvenience of that?

  11. Anonymous Coward
    Flame

    Firewalls of death!

    Just kidding.

  12. Anonymous Coward
    Thumb Down

    Why?

    Why are their firewalls so open?

    Why are they not running AV?

    Why is their AV not doing real-time file scanning?

    Why is AutoRun not disabled? (gpedit and TweakUI are your friends; if I can do it, any moron can. Although I was mightily pissed to see a recent MS update seemed to have re-enabled it)

    As to the Linux fanbois...as much as I like (and use) Linux, do think for a minute. If the software only runs on Windows, then running Linux is a bit stupid. No one will be able to get appointments then! Yes, there is WINE; but that is not applicable for these cases (and that's according to the WINE folks themselves: "Wine is still under development, and it is not yet suitable for general use." http://www.winehq.org/about/)

    Now, you can pontificate all you want about how the software should have been written to open standards blah-de-blah; but the fact remains that it wasn't. Even if it were a web app, knowing the NHS, it would be IE6 only. So the clients have to run Windows. Even if it had been written in Java, there's a good chance that there will be problems in moving from OS to OS/JVM to JVM. Never mind the fact that Java client apps are bloated, ugly and painfully slow.

    That means the admins should know how to secure Windows, or someone needs to bite the bullet an say "This is crap, we want to spend millions on new software that does the exact same thing". Then two things will happen:

    1) You lot will be back on here bleating about the waste of money "Why do they need software they already have?"

    2) MS will simple sprinkle some sugar on the correct MP/civil servant and the idea will be scrapped anyway.

    You may not like it, but that's the way it is.

  13. Anonymous Coward
    Anonymous Coward

    Mission Critical?????

    What is with those of you that assume a scheduling system is "mission critical" - ever heard of paper and telephones. This is a glorified appointment system and, yes, it shouldn't be compromised if the idiots at NHS Greater Glasgow and Clyde were actually up to their job (and I know what they are like I worked there God help me!) but it doesn't put patients lives at risk. And no Fred you don't have to contract cancer yourself to appreciate that it is patients lives involved - it is that sort of stupid shroud waving that tends to hamstring the NHS all the time. Everybody claims that what they require is absolutely the most important/urgent thing ever or "patients will die."

  14. NB
    Linux

    use linux

    nuff said.

  15. Wortel
    Thumb Up

    He he.

    It's not friday yet, save some of the comedy for then please!

  16. N
    Thumb Down

    Windows - mission failure

    Again!

    what a heap of shite

    & as for 'firewalls' they may as well not bother cos some twit has probably introduced it from a pen drive

    Grade A Plonkers

  17. Wize

    @ Fred

    "Why are they using Windows? FAIL! "

    Because the cost of having to train up staff to use a different operating system and various applications when most use windows and office programs?

    Because of the cost of training IT staff on the other software/hardware?

    Because of the cost of replacing/upgrading all their PCs at the same time to match this new system?

    Because most developers write their systems to run under windows?

  18. Winkypop Silver badge
    Flame

    Och aye Jimmy

    Do all Scottish IT workers wear Jimmy Wigs?

    [...asking for a friend]

    Flames = Red = you know...

  19. Anonymous Coward
    Flame

    @Daniel

    What Frank said only with more vinegar! Now off to the stocks with you you bloody twit!

    Now where did I put my cat-of-nine tails...

  20. Trinity
    Linux

    @Wize

    Probably true; but using a "familiar" operating system just because people may have used it before doesn't obviate the need for proper training.

    I wonder how much training NHS staff actually got? Nobody seems to train people in the basics of good practice, either for security or even good housekeeping. The number of people who create a file in Word, rely on it to use the first sentence as the default file name... and then can't find the damn thing because they can't remember what that first sentence was!

    It would have been much more sensible to have saved the money they spent on Windows by implementing a *nix-based system, and spent it on comprehensive user training instead.

  21. EnricoSuarve
    Unhappy

    NHS Database

    Its a good job the database the NHS are going to upload all our records to won't be accessible to or managed by the same bunch of people

    Oh wait....

    Losing to a basic autorun virus - fail

    Putting millions of peoples deeply private data on a system accessible to hundreds of thousands of people with little IT skills - EPIC fail

  22. MGJ

    @EnricoSuarve

    No EPIC Fail by you; the NHS spine runs on OSS. Check out www.netvibes.com/cabinetoffice#Open_Source

  23. Anonymous Coward
    Paris Hilton

    Shooda ...

    Shooda used Apple Macs?

This topic is closed for new posts.

Other stories you might like