Okay, sorry about the horrible pun. It suddenly occurred to me that people (especially those from outside the UK) might be somewhat shocked that the Barts and the London NHS Trust, a group of three major hospitals in London took so long to deal with a malicious program that was, apparently, detected by their provider as long ago as January 2008. I still don’t know exactly how a fairly elderly variant of a positively antique mass mailer managed to escape both the on-site anti-malware service and the NHS email service protection, but it doesn’t surprise me that the Trust’s IT team were cautious about the recovery, prioritising clinical areas rather than administrative staff.
Some years ago, the entire NHS suffered a fairly lengthy network outage because the Code Red worm was known to be infecting some unprotected machines. At that point, there were over three million systems known to be connected to the NHS network – I’ve no idea what the current figure is but I doubt if it’s less – so it would have been miraculous if there were no unprotected or infected machines. So there were two main considerations: (1) essential services shouldn’t be disrupted – and by that I mean clinical services, not the director of something or other being unable to track something he was auctioning (or bidding on) on eBay (2) the NHS should not be transmitting malware to the rest of the world. In a rational, properly secured healthcare organization, a networking problem, even over days rather than hours, really shouldn’t endanger lives. So the WAN service was severely restricted while a handful of machines were traced and cleaned/patched, but life went on in Britain’s health service: it wa a little more difficult to keep the wheels greased, but no panics or mass burials.
This time, too, there seems to have been a determined effort to maintain control and balance: a crisis, but not the drama you might have expected. In fact, in spite of our increasing dependence on sophisticated electronics, it looks as if healthcare is still about people making do and coping, not about The Machine Stops. Which cheers me up, anyway. Political dissensions notwithstanding. :)
David Harley CISSP FBCS CITP
Director of Malware Intelligence.
Author David Harley, We Live Security