In November, the Mytob worm caused problems in three major London hospitals where it overloaded computer networks, affecting services such as blood test results, X-rays and patient administration. According to More4 News, the incident could have been avoided if security updates had been applied to their network months earlier.
The UK news service requested information from all NHS trusts in England, and through the 75% that replied, it was revealed that over 8000 viruses got through information security systems with 12 incidents affecting clinical departments – and ultimately, patient care.
Earlier this year, NHS trusts in Scotland were struck by the Conficker worm freezing staff out of computers for two days, which amongst other departments, caused problems for a cancer treatment centre – where any delays could jeopardise patient health.
In an official report into the incident, it was found that antivirus systems had been turned off or not properly applied, and that it was therefore completely avoidable.
The NHS is currently building a £13 billion network linking together medical records of everyone in England. In a statement to More4 News, the NHS said: “Electronic patient records systems are protected by the highest level of access controls and other security measures. These levels of security are fare higher than any which can be imposed on access to paper records or the majority of local NHS IT solutions.”
Infosecurity notes, however, that with the UK Government’s past track record of data loss incidents, it will be interesting to see how efficient these information security measures will be.
Andrew Clarke, senior vice president, international at endpoint security solution provider Lumension of Scottsdale, Arizona, USA, said, however, that “it is important to note that the NHS hasn’t stood still for the last six months when it comes to updating its security defences. We’ve seen various NHS organisations, including NHS Scotland, looking for new security solutions to address both emerging threats and enforce data protection.”
He warned, however, that relying on antivirus applications alone to keep systems secure from viruses and other attacks, is not enough: “Although it still plays a role in helping to protect against the latest known security outbreaks, it is not able to defend against emerging threats on its own. After all, it is a reactive approach to security that relies on the application of thousands of security signatures before an outbreak occurs.
“By taking a proactive approach to security to control applications, malicious code won’t get the chance to execute - putting an end to mass propagating viruses that disrupt computer systems on a mass scale”, Clarke added.