UK's largest hospital trust battles Friday 13th malware outbreak

Malware has infected hospital computers at the UK’s biggest NHS trust. Barts Health, which runs six London hospitals, shut down parts of its network on Friday to prevent the spread of the as-yet-unidentified software nasty. The organization oversees Mile End Hospital, Newham University Hospital, The Royal London Hospital, St …

  1. Anonymous Coward

    Gosh.......

    "Aatish Pattni, head of threat prevention in northern Europe for Check Point, said: “This attack could be the result of an employee inadvertently clicking the wrong link in an email, or may be a targeted attack against the trust.” "

    Well, I can see why he became head of threat protection with such insightful statements as that. No doubt he's well on his way to become a politician's special adviser.

    1. Anonymous Coward

      Re: Gosh.......

      > No doubt he's well on his way to become a politician's special adviser.

      Let's lynch him first, for past and pre-crime. I'll bring the rope.

      1. Destroy All Monsters Silver badge

        Re: Gosh.......

        That's racist and a reminder of Jim Crow south!

        Unacceptable in an early-21st century message board.

        1. AlbertH
          Thumb Down

          Re: Gosh.......

          D.A.M. You're going to have to stop being a snowflake and grow up. If you don't like a comment, don't call it "racist" - that's just a (now) meaningless epithet spat out by clueless lefties who desperately need to justify their childish beliefs.

          1. Destroy All Monsters Silver badge
            Trollface

            Re: Gosh.......

            > that's just a (now) meaningless epithet spat out by clueless lefties who desperately need to justify their childish beliefs.

            thatsthejoke.jpg

            1. Ragarath
              Trollface

              Re: Gosh.......

              Destroy All Monsters, you forgot the joke icon and now people don't get it. Please go write on the blackboard 1000 times "I must remember the joke icon" and go to bed with no tea.

  2. Anonymous Coward
    Terminator

    Daily Insight: Trust held to ransom by tech attack

    Major hospitals hit by computer virus (subscription)

    "At the start of this week HSJ predicted that cyber security would have to become an essential part of NHS managers’ jobs in 2017, but we didn’t expect it to come true quite so quickly.

    On Friday, we revealed that one of the biggest hospital trusts in the country, Barts Health, had been attacked by a ransomware virus, causing it to take its pathology service offline at three hospitals. The trust has also turned off the ability for departments to file share data until the situation has been resolved.

    A source at the trust told HSJ the attack had affected thousands of files on the trust’s Windows 7 and Windows XP operating systems (the latter is also used by Trident submarines, our contributor Rob Findlay points out).

    HSJ correspondent James Illman tweeted how the Barts case was a prime example of why NHS England shouldn’t just focus technology funding on digital “exemplars”, and said: “Expect more of this in 2017. Ageing NHS tech is an easy hacking target.”

    Last September, following the Wachter review into NHS IT, HSJ warned that a robust plan was still needed for the more “digitally challenged” NHS organisations."

    1. John Brown (no body) Silver badge

      Re: Daily Insight: Trust held to ransom by tech attack

      "At the start of this week HSJ predicted that cyber security would have to become an essential part of NHS managers’ jobs in 2017, but we didn’t expect it to come true quite so quickly."

      Wow, what an amazing prediction. This has never happened before and they predicted it. </sarc>

  3. Anonymous Coward

    Barts reported that the effected machines would be taken to the IT A&E, Barts did not expect much delay because they would send an Administrator along who would tell them to fix it on the spot.

    1. Anonymous Coward

      affected

  4. Destroy All Monsters Silver badge
    Alien

    "Earlier rumors of a ransomware outbreak were completely false"

    "There is some kind of weird parasite in the vents, will be under control soon!"

  5. Anonymous Coward

    re ageing tech

    "Ageing [NHS] tech is an easy hacking target."

    Wtf has age got to do with it? Fitness for purpose might be a more relevant criterion.

    1. Loud Speaker

      Re: re ageing tech

      > Wtf has age got to do with it? Fitness for purpose might be a more relevant criterion.

      Win95 might have been fit for your purposes some long time ago, but it was never fit for mine.

      1. Anonymous Coward

        Re: re ageing tech

        > Win95 might have been fit for your purposes some long time ago

        I actually found out that the resolution was too low for good porn back then.

    2. John Riddoch

      Re: re ageing tech

      XP isn't getting any security patches would be the starting point. Work on things from there. If it's old, it's probably not supported by the vendors and so there are no security patches and it makes it more hackable. Older desktop versions probably don't have a supported, up to date anti virus solution either, so your AV/Malware protection is incomplete.

      Add in that more modern operating systems tend to have better security features built in as well, so older tech really is asking for a kicking.

      1. Anonymous Coward

        Re: re ageing tech

        "If it's old, it's probably not supported by the vendors"

        That may depend on e.g. the vendor and the product. And whether the lack of support matters depends on e.g. the product, its usage, and its environment.

        Stuff can go out of support within weeks or months of release or purchase. Certainly every modern phone or TV I've bought has been abandonware the minute I bought them. Are they old? Not in normal terms (e.g. is 6 months since purchase, less than a year since model came on the market, old?). Are they fit for purpose? Debatable.

        PCs and some PC software are going that way too.

        Windows XP probably isn't fit for purpose in this case, but it's not solely due to its age.

      2. Hans 1
        FAIL

        Re: re ageing tech

        @John Riddoch

        >Add in that more modern operating systems tend to have better security features built in as well, so older tech really is asking for a kicking.

        That is the fallacy why you got my downvote. Last I looked, hide file extension is still the default in Windows 10, that is the #1 malware vector ... almost as if they did it on purpose ... then, of course, you have MS Office, Adobe Acrobat and Flash, IE, EDGE ... I could go on forever.

        Linux and you're so much safer, it is much cheaper, can have a familiar ui, always gets security updates regardless, an upgrade does not change the ui substantively if you do not want to ...

      3. CrazyOldCatMan Silver badge

        Re: re ageing tech

        > Add in that more modern operating systems

        So, not Windows then?

  6. Anonymous Coward

    Scenario

    I work in Hospital IT by choice. I spent many years in the private sector and wished to give something back.

    You have to bear in mind that senior decision makers in the NHS will typically have a clinical rather than technical background, and their understanding of IT issues will be limited.

    It is of course IT's job to give these decision makers an honest summary of the threats and solutions available to them.

    Consider that you're working in a trust and have an HA pair of aging firewalls protecting your network. These firewalls are rule based with no advanced features like IPS, Malware protection or URL filtering. In fact, they are so old that the manufacturer is only supplying hardware support for the next couple of years, and most support companies don't want to have them on their supported hardware inventory.

    You would dearly love to replace these firewalls with a new HA pair of NG firewalls with all that lovely IPS, Malware, Sandboxing and URL filtering technology. The cost of these firewalls is approximately the cost of a treatment round of chemotherapy.

    Hospitals have a limited budget that they have to manage, and they have an ever increasing number of patients and the pharmaceutical and medical device industries don't do the NHS any favours by charging an ever increasing amount for vital drugs and equipment. (£3K a day for a tech to come out and change the default gateway on a single medical device anyone?)

    You can buy these firewalls, but you have to make up the cost of a round of chemotherapy up to finance them. Or, you can struggle on for the next two years with the existing firewalls.

    Would it make a difference to your decision if you did or did not know the patient who may not receive chemotherapy? Whilst it's unlikely that a patient would be denied the chemo, the money still has to come from somewhere.

    1. Anonymous Coward
      Holmes

      Re: Scenario

      > £3K a day for a tech to come out and change the default gateway on a single medical device anyone?

      The state should sue and demand open/standardized access instead of getting into bed with the lobbyists.

      But then AO would write a bad article about how copyright keeps us all safe and managed from the corporate control centre and freetards are the reason why artists go hungry. And we can't inflict that on the readership.

      (Also, don't buy glitzy american "air superiority" jets etc...)

    2. Korev Silver badge

      Re: Scenario

      If a hospital's IT systems are shut down due to some nasty getting in, then no patients will get their chemo (or any other treatment).

    3. Alan Brown Silver badge

      Re: Scenario

      "You can buy these firewalls, but you have to make up the cost of a round of chemotherapy up to finance them. Or, you can struggle on for the next two years with the existing firewalls."

      That's the way it works most places. Until the shit hits the fan and then budgets become immaterial.

    4. Anonymous Coward

      Re: Scenario

      I also work in the NHS having previously worked in a nearby local authority and several private companies before that, initially when I joined the NHS I worked in third line and running a small team, I've since moved into a security role penetration testing, advising on tech to keep our data secure and on the DPA itself.

      We have got the tech to keep our data fairly secure, we have good, well configured firewalls, a decent web filter, centrally managed AV, tightly controlled segregated admin rights, group policy etc etc.

      We're still weak to ransomware though as our senior management won't implement application whitelisting due to it potentially causing a headache in the short term, so everything else we've got is suddenly massively weakened due to a decision taken by someone without a firm understanding of the facts despite us repeatedly requesting, explaining, requesting again to enable it. Absolutely it'll cause some problems regardless of how well prepared we are, but from my perspective it'd help massively.

      In my situation we've spent a ton of money, only to then have it all undermined by that one decision and we're in that horrible situation of now hoping something minor does happen as a result of the lack of whitelisting so we can then say "right this wouldn't have happened with application whitelisting enabled, can we turn it on now?"

      1. HmmmYes

        Re: Scenario

        How about not using Windows?

        1. Anonymous Coward

          Re: Scenario

          We've seriously looked into it, have actually done it in a few very limited circumstances but until more clinical systems are delivered via a browser, where the OS doesn't matter I doubt we'll see it happen. Staff training costs would be enormous (although arguably not much worse than yearly MS licensing costs) and the cost of getting existing systems working again with an alternative OS would be costly both in terms of pure development and time to do it - years.

          As much as I like Linux it's simply not at a stage where we can manage clients effectively enough to use it either, many NHS trusts/boards/CCGs cover fairly large geographical areas, require a lot of kit and rely heavily on remote access/management tools to help deliver services.

          I completely see where you are coming from, but it needs someone at the very top of NHS England, NHS Scotland etc to make that decision and more importantly for MPs/MSPs etc to then let them get on with it and not change the structure, move the goal posts every couple of years after that.

      2. Anonymous Coward

        Re: Scenario

        "senior management won't implement application whitelisting"

        I struggle to understand why application whitelisting is anything other than a figleaf for the IT department.

        It may have some benefits according to the Powerpoints or modern equivalent, but exactly how can it protect secure/sensitive data from unauthorised access?

        If there is no sensible answer to that question, what's the point of continuing the whitelisting discussion?

    5. Lotaresco

      Re: Scenario

      At the risk of sounding like Mr Grumpy, a boundary pair of firewalls isn't going to do much to control this type of outbreak. You are talking the talk of an awful long time ago. Network security has moved on and you would need to consider endpoint protection as well as firewalls and having your IPS somewhere other than (just) the boundary.

      Firewalls are not where you do sandboxing.

      The argument about a Firewall costing as much as a round of chemotherapy is a busted flush. It's as sensible as arguing that the PC on the hospital administrator's desk cost as much as a year's insulin for a diabetic or that an Ambulance costs as much as a round of chemotherapy. Is that a valid argument for not having either?

      Network security appliances enable the hospital to continue to treat patients. They protect against key systems required to deliver patient care being compromised. They also help with data loss prevention and the consequential fines that would hurt the ability of the hospital to deliver care. Given the weak security profile of embedded systems that are used to monitor patients, provide clinical chemistry (etc) adequate protection of the network is essential not optional.

      Finally if you're getting charged £3000/day for a callout then the Trust is being ripped off, or some administrator is getting a massive backhander. That is so far above the industry average that I smell not just a rat but a rat king.

      BTW, I used to work for the NHS, consider I've paid my dues and these days I work as a Security Architect.

      1. Anonymous Coward

        Re: Scenario

        As someone who worked within the NHS you know how hard it is to get funding for something for an event that hasn't yet happened. In many cases we're like Emergency Departments - we treat problems after they've happened. Clearly not ideal.

        I've been turned down for funding on several occasions for various things which would help, I have finally been able to get some sandboxing in - 4 years after I initially asked for it and only AFTER we had an incident which it would easily have prevented.

        Active network scanning, vulnerability scanning etc would be fantastic and I've argued for them for years but to no avail.

  7. Lotaresco

    Malware infections at NHS hospitals are rare

    I think you mean "are rarely reported" or possibly "are rarely of a type that requires all networks to be taken offline". Bad practices are rife within hospitals with a culture of medical staff, particularly senior medical staff, being able to access patients' data using the same iPad that they use at home. The presence of malware isn't, in my experience, rare but the spread of an infection is controlled by AV.

    1. Anonymous Coward

      Re: Malware infections at NHS hospitals are rare

      You'll only see it as per your patch of ground. We don't allow BYOD, they can't add it to the network without our help anyway etc.

      Our senior management are a lower risk than our student docs, who in turn are a lower risk than volunteers who have some form of access to the network, even if it's just to check their official e-mail.

      You can't lump "NHS" into one, the infrastructure, policies and training from one trust varies massively to the next, then you have CCGs and that's just within NHS England, NHS Scotland, NHS Wales etc all sounds similar but work in surprisingly different ways, for example NHS Scotland seems to be far more joined up in terms of national work between their NHS Boards and social care than NHS England is and NHS Wales seem to also do a lot of things nationally which hasn't been possible in NHS England for years.
