14 DAY TRIAL // The networks of three London hospitals, the Royal London Hospital, St. Bartholomew’s Hospital (Barts), and the London Chest Hospital, were severely affected by a computer worm, on Tuesday. Because of the emergency procedures, the activity relying on computer systems has been affected, and non-essential operations have been halted.
All the hospitals are members of the Barts and The London NHS Trust, and they are connected to a common, larger computer network. This facilitated the propagation of the malware, suspected as being a mass-mailing worm, known as Mytob. “The Mytob worm spreads via email, planting a backdoor Trojan horse, which can be used by remote hackers to gain access and control over a victim's computer,” explained Graham Cluley, senior technology consultant at security vendor Sophos.
The seriousness of the incident forced the hospitals to divert ambulances to other neighboring medical institutions, and restrict their emergency rooms to walk-in patients only. The Trust informed in a press release that patient appointments should not be affected, unless they involved transport, a service which was temporarily disrupted.
“The Trust’s well rehearsed emergency procedures have been activated to ensure that key clinical systems continue while network access is being established,” was noted in the press release. Backup systems are being used, while the IT staff are in the process of restoring the original systems based on priorities.
“Lab testing and imaging was available throughout the incident, as medical staff could and did access services by manual requesting,” said Julian Nettel, the Trust's chief executive. He has also pointed out that the Accident & Emergency departments are able to receive ambulances again, starting from today.
"I would particularly like to thank all our staff, patients and other NHS colleagues for their hard work, help, and support during this incident," added Julian Nettel. Such incidents are not a common occurrence in hospitals, and medical facilities generally have well designed emergency response plans, but Graham Cluley outlined the larger implications of such scenarios. “There will, no doubt, be concerns that the confidentiality of patients’ data may have been put at risk,” the security researcher said.