{"id":351,"date":"2009-01-08T19:50:03","date_gmt":"2009-01-09T03:50:03","guid":{"rendered":"http:\/\/cubist.cs.washington.edu\/Security\/?p=351"},"modified":"2009-01-08T19:50:03","modified_gmt":"2009-01-09T03:50:03","slug":"current-event-3-london-hospitals-infected","status":"publish","type":"post","link":"https:\/\/secblog.cs.washington.edu\/Security\/2009\/01\/08\/current-event-3-london-hospitals-infected\/","title":{"rendered":"Current Event: 3 London Hospitals Infected"},"content":{"rendered":"<p>According to articles from <a href=\"http:\/\/news.bbc.co.uk\/1\/hi\/england\/london\/7735502.stm\">BBC<\/a> and <a href=\"http:\/\/www.theregister.co.uk\/2008\/11\/19\/hospital_computer_virus_shutdown_update\/\">TheRegister<\/a> back in November of 2008, three London hospitals fell victim to the <a href=\"http:\/\/antivirus.about.com\/od\/virusdescriptions\/a\/mytob.htm\">Mytob Worm<\/a>.\u00a0 Dating from early 2005, this worm spreads itself through email and prevents removal by disabling any attempts to retrieve virus definition update files.\u00a0 The hospitals needed to shut down their systems for three days to ensure proper eradication of the virus.\u00a0 An efficient emergency procedure was executed promptly, minimizing impact.\u00a0 Hospital directors claimed the hospital was not targeted and gave reassurance that patient records were not compromised.<br \/>\n<!--more--><br \/>\nAlthough it does not seem the hospital suffered much more than delays and confusion from the incident, it is apparent that the hospital was not fully prepared against such a sophisticated worm.\u00a0 The source of the initial infection either was not found or was not released, but judging from the nature of the worm, chances are that an unsuspecting employee clicked a bad link in an email and started the whole process.\u00a0 (If anyone can verify exactly how the hospitals were initially hit, please leave a comment to this post.)<\/p>\n<p>Several simple preventative measures would have 
drastically reduced the probability of this infection or even prevented it. For one, all employees should have been made aware of the grave responsibility involved in maintaining an electronic medical record-keeping system.\u00a0 There are countless disastrous scenarios that can arise from carelessness and ignorance; employees should be trained to recognize security risks, such as potentially hazardous email links. While it&#8217;s unreasonable to expect extensive computer knowledge from the average employee, it is the responsibility of the hospital to keep their employees informed of basic security risks such as mysterious emails.<\/p>\n<p>The IT support at hospitals must also make it a priority to keep the virus definition files and operating system patches up to date.\u00a0 Keeping safe and isolated electronic backups could have also prevented the entire computer network from going down for three whole days in the face of an attack.<\/p>\n<p>It is rather unnerving to see that three major institutions guarding information as critical as medical data fell prey to such easily preventable attacks.\u00a0\u00a0 The news reports this event as if it were a minor annoyance; nothing hospital-related was directly targeted, and there was no serious damage, so it is treated like a harmless scare. But the hospitals were just incredibly lucky. If the security of the network was so poor that it could not stop an almost 4-year-old worm, a targeted attack could have had catastrophic results. 
Hospitals have a wide range of possible adversaries, from politicians to terrorists to extortionists.\u00a0 Any of these adversaries might desire a particular patient&#8217;s data pertaining to diseases, insurance policies, and medication received.\u00a0 What if an attacker could have gained access to passwords relating to purchase orders for medical supplies and drugs?\u00a0 Attackers may also want to change insurance information in the system, resulting in denial of care for patients.\u00a0 All patients and employees related to these hospitals are at risk now that the system has been compromised. This should serve as a wake-up call for hospitals everywhere to review the robustness of their record systems.<\/p>\n<p>Nonetheless, the hospital directors did a great job handling the public response to this mess.\u00a0 Their prompt and concise public statements assured patients that their privacy was intact, and this likely prevented mass panic among hospital patients.\u00a0 However, for the sake of the patients, I hope the hospitals are only superficially downplaying the incident and are taking serious measures to enhance the security of their network.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>According to articles from BBC and TheRegister back in November of 2008, three London hospitals fell victim to the Mytob Worm.\u00a0 Originating from early 2005, this worm spreads itself through email and prevents removal by disabling any attempts to retrieve &hellip; <a href=\"https:\/\/secblog.cs.washington.edu\/Security\/2009\/01\/08\/current-event-3-london-hospitals-infected\/\">Continue reading <span 
class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":79,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-351","post","type-post","status-publish","format-standard","hentry","category-current-events"],"_links":{"self":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/351","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/users\/79"}],"replies":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/comments?post=351"}],"version-history":[{"count":8,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/351\/revisions"}],"predecessor-version":[{"id":359,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/351\/revisions\/359"}],"wp:attachment":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/media?parent=351"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/categories?post=351"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/tags?post=351"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}