back to article London hospital recovers from Conficker outbreak

An east London hospital has confirmed its computer systems were infected by the Conficker worm earlier this month. Whipps Cross University Hospital NHS Trust stressed that the outbreak affected only administrative systems, causing minor inconvenience, and did not affect patient care. Systems have since been restored to normal …

COMMENTS

This topic is closed for new posts.
  1. Michael

    intranet?

    I'm curious to know if all PCs in the hospital network are directly connected to one another and the internet at large? I'd like to think that all machines needed for patient care would operate on a separate network with no internet connectivity and no access to USB ports or local installation of apps. Somehow I suspect that all machines are on one network and all have internet access. Because you NEED to be able to check your email on any machine.

  2. Anonymous Coward
    Anonymous Coward

    How much more misson critical can a hospital be..

    ... yet they still use Windows! FFS! Will someone have to die one day because of something like this for the people who procure vital systems to wake the fsck up and get a clue?? I'm not an MS basher or a linux zealot but even MS's most ardent fanbois would have to admit that a hospital (or defence) scenario is not the place for a flakey OS such as Windows - or frankly OS/X or linux (though they'd be a better starting point). A properly secured OS should be used in these sorts of enviroments. Yes it would cost more but a lot less than someones life is worth.

  3. Steve Evans

    Oh good...

    They can't even immunise themselves against something that was cured in an update 10 months ago.... what hope have we got when the swine flu hits?! We're all gonna die...

    DIE!!!!!

    *runs screaming into the street*

  4. Anonymous Coward
    Grenade

    Must be going around

    We just spent last week working on it at $nameless_hospital. No damage, but plenty of disruption until we got on top of the account-lockout mess that conficker causes with its brute-force attacks. There are a couple of ongoing mop-up issues. Patient care hasn't been affected (but we had to work some long days to make that so!).

    Top Tip: Conficker's password guessing uses weak passwords. If you've got strong passwords in place, say, Abcedf12 kinda stuff, none of the conficker attempts can succeed. Disable account lockouts while tidying up, and you'll dodge the disruption we suffered. Conficker's password list is here: http://www.sophos.com/blogs/gc/g/2009/01/16/passwords-conficker-worm/

    Why Windows? Because a lot of clinical software is written exclusively for Windows and our users, many of whom have -ahem- rudimentary IT skills, just about know Windows.

  5. FraK
    Grenade

    @Michael

    It would depend on what you mean by "needed for patient care", if you are talking about the machines that run things like: the intensive care equipment or operating theatre equipment then, no, they are not connected to the internet or the rest of the hospital network (at least, not where I work).

    If, however, you mean things like patient records, lab results, radiology results, etc, etc, (all of which are "necessary" for patient care. Come to think of it, it *could* be argued that pretty much every machine on our network is needed for patient care, otherwise what is it doing there?) then I think you'll find that they will be connected to the rest of the hospital network and the internet at large, although not directly obviously.

    With regard to email, we do find it quite important that people can get at their email from any machine with the caveat that it is their hospital email account they are accessing. We don't allow any access to webmail (Hotmail, et al) or allow IMAP/POP3 access to personal email accounts if that is what you were referring to.

    Where I am, standard users do not have access to USB ports or the ability to install their own software but I can't speak for any other part of the NHS. Christ! Some of our users I wouldn't trust with a pencil and paper never mind a PC, but they aren't employed for their IT skills are they?

  6. Merlin IT
    Black Helicopters

    Hmm...

    "As a result about five per cent of the Trust's PCs (30 machines) were affected and were out of action for a number of days."

    I could be wrong, but isn't 5% of 30 1.5? One (point five) hell of a virus if it can take out half of a computer.

  7. John Smith 19 Gold badge
    FAIL

    Whipps cross does not need a virus to threaten patient care

    It does that quite well without them.

    But basically FAIL

  8. Wolf 1
    Stop

    And *How* long has the Conficker fix patch been out? :)

    Seems to me the IT staff isn't keeping up with their patches...

    I mean, come on! The patch was released almost a year ago! I can understand 2-3 months delay (maybe) but 12?

    I suggest an alternate headline:

    "Hospital IT staff incompetent: systems unpatched for 12 months infected"

  9. Tim Bergel
    FAIL

    @Merlin

    They have about 600 PCs, 5% of which is about 30...

  10. Anonymous Coward
    Anonymous Coward

    OMG

    OMG

    I wish I could but I can't be bothered...

    Must admit to supporting MSP decisions though (long live freedom)

  11. Anonymous Coward
    Grenade

    In defense of slow patching...

    ...not every MS patch is golden -- everyone who works with Windows will recall some Bad Patch Of Doom that mares things up. Also, many patches require restarts and a lotta healthcare stuff is 24/7. Yes, the game needs to be sharpened up. But throwing open the servers to automatic updates would be at least as risky, and involve plenty of docs saying "excuse me, where is my spleen scanning system?" when it bounces.

This topic is closed for new posts.

Other stories you might like