Almost all affected computers have been cleaned and cleared for use

Dec 2, 2008 10:25 GMT

The computer virus outbreak that crippled the network operation of three hospitals in London last month is almost over. The administration announced that around 97% of the 5,000 computers on the network were operational again.

A rare incident of computer malware affecting medical facilities took shape on November 18th, when the Royal London Hospital, St. Bartholomew’s Hospital (Barts), and the London Chest Hospital were forced to shut down their network because of a fast-spreading worm. The three hospitals fall under the administration of the Barts and The London NHS Trust, and in consequence share a common computer infrastructure.

The culprit that forced the trust to enforce computer emergency procedures has been identified as a version of the Mytob worm. This malicious application, discovered for the first time back in 2005, is able to propagate itself via e-mail, and uses its own integrated SMTP engine to achieve this. In addition, variants of the worm are capable of replicating by exploiting older LSASS and DCOM RPC vulnerabilities in the Windows operating system.

After emergency protocols enforced by the IT staff of the hospitals affected patient transport and emergency services for a short period, the doctors had to resort to traditional hand-written requests in order to use the clinical equipment. Concerns regarding the security of patient data were raised, because the worm had the ability to extract data from infected systems, but the administration denied such a privacy breach.

According to the IDG News Service, the trust's network was protected by solutions from the security vendor McAfee, which claimed that all of its products were able to detect the Mytob version that infected the hospital computers. McAfee detected the worm as W32/Mytob.gen@MM, and it was detailed in their virus information encyclopedia, so the trust announced that an investigation had been started in order to determine how a 3-year-old worm was able to do so much damage. The trust also rejected the possibility of a targeted attack.

Similar incidents that involved healthcare institutions were rare, but not unheard of. Such was the case of a Seattle hospital, which dealt in 2006 with an infection that turned computers on its network into botnet clients. The facility suffered $150,000 in damages because of that security breach, but, in general, hospitals and other such organizations have the resources to invest in reliable security solutions and to enforce tight security policies.