London Hospitals Still Sick From Virus Breach
I was reading Graham Cluley's blog at Sophos earlier this week about a virus infection (the computer kind) at a number of U.K.-based hospitals. I pretty much passed over this story until I learned just how badly the hospitals were prepared for this.
November 19, 2008
I was reading Graham Cluley's blog at Sophos earlier this week about a virus infection (the computer kind) at a number of U.K.-based hospitals. I pretty much passed over this story until I learned just how badly the hospitals were prepared for this.This was Cluley's take on things, just yesterday: "There will, no doubt, be concerns that the confidentiality of patients' data may have been put at risk and the hospitals will surely be keen to reassure the public that security has been maintained."
Unfortunately, the situation is much worse than worries about the confidentiality of patient data. I'm wondering how doctors are accessing customer data to conduct care. Barts and The London is one of Britain's top teaching hospital trusts. The hospitals include St. Bartholomew's (Barts), The Royal London, and The London Chest.
The Register is on this story, just as The Reg has, for years, done an excellent job at getting the scoop on these kinds of incidents:
"A spokesman explained that a serious computer virus infection was detected on Monday. IT support staff thought they had the infection under control on Monday night, but systems crashed when staff logged in on Tuesday, prompting a decision to kick off established emergency procedures that involved shutting down the computer network at the hospital."
I'd really like to have a peek under the hood of the IT security defenses in place at these hospitals. It's not like this was a zero-day virus. Mytob, and its family of variants, have been around for a long, long, long time in malware years.
Back to Cluley's take. He is right, patient confidentiality will be a big concern, once hospital systems are restored back to normal. Mytob is known to plant backdoors on systems, which pretty much give attackers free rein to do whatever they want, including the ability to snoop. Because patient data is involved, this is likely to be a forensic nightmare for the hospitals to sort out in the coming weeks.
Read more about:
2008About the Author(s)
You May Also Like
Why Effective Asset Management is Critical to Enterprise Cybersecurity
May 21, 2024Finding Your Way on the Path to Zero Trust
May 22, 2024Extending Access Management: Securing Access for all Identities, Devices, and Applications
June 4, 2024Assessing Software Supply Chain Risk
June 6, 2024Preventing Attackers From Wandering Through Your Enterprise Infrastructure
June 19, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024