The Mytob computer worm infected three major London hospitals yesterday, forcing them to shut down IT systems for at least 24 hours, and causing ambulances to divert to unaffected hospitals to avoid the 'manual systems' being used in the affected units.
A statement on the Barts and The London NHS Trust web site said that the internal incident arose from a computer virus which "overloaded its network".
"This has been a difficult day," said Julian Nettel, chief executive of the Barts and The London NHS Trust. "But by using back-up systems, manual procedures and working flexibly, we have continued to provide high quality care to our patients."
The London Chest Hospital, the Royal London Hospital and St Bartholomew's had to implement emergency procedures after the infection.
Andrew Clarke, international senior vice president at Lumension Security, said: "Much attention has been focused recently on data protection and controlling and managing removable devices such as USB sticks. However, the integrity of operations is still important and should not be overlooked."
The problem for the hospitals is that Mytob spreads to other systems using shared folders accessible over networked IT systems. The fact that the NHS Trust statement admits to an "overloaded network" shows that the virus was spreading to any system on that network.
So if sites remote to the initial infection were sharing folders, the virus could potentially spread to systems on the other side of the world, as well as those connected locally.
Mytob was first seen in March 2005 and, worryingly for the NHS, is not an unseen virus, normally called a zero-day threat. Mytob replicates by exploiting the so-called Local Security Authority Subsystem Service vulnerability, initially patched by Microsoft in 2004.
Mytob also opens certain ports, lowers security settings on affected systems and blocks security websites. It can prevent the Windows task manager from opening, stopping IT admins from checking and terminating the viral processes.
Have your say on this article
Newsletters
Latest stories from Security Technology
Latest videos
You may also like
Security Technology jobs
Technology Patent Wars
Staff are increasingly using their personal devices for work. Productivity may increase as a result, but the trend brings with it security risks
Case studies from large organisations across all sectors
... And rich media, and flexible working, and peaks in traffic ...
Upcoming Events
Join us for this Computing web seminar, in which the Head of BI at the Co-operative Group Nick Colebourn will be explaining just how he reigned in the Group’s sprawling database estate and how significant savings were realised and data quality improved as a result.
Date: 31 May 2012
Time: 11:00 AM
Live June 13th 11:00am: Register now. During this web seminar we will be looking at the sorts of incidents that can bring data centres grinding to a halt and what can be done about them.
Date: 13 Jun 2012
Time: 11:00 am
Receive the latest jobs direct to your inbox
Are you being paid what you are worth?
