The Register has an article about three London hospitals shutting down their computer systems because of a worm. Yet, except for transportation, all of the hospitals' functions seem to be continuing despite the lack of computer systems.

I took away three things from this article: computer systems are not essential for health care, someone wasn’t patching or following security policies, and the worm provides a back door for attackers. The doctors and the hospitals are still providing medical care to patients. The computer systems certainly help them do that job more efficiently, but they are not required. I think this points out the tension between security and convenience. The doctors just want to help their patients, and if they have to do that without computer systems, so be it. Most of the computerized equipment they really need should not be (and usually isn’t) connected to a network. If the computer systems become difficult to use because of security, the doctors will simply not use them.

The second thing I noticed, which wasn’t mentioned directly in the story, is that the worm had to get onto those systems in the first place: either over the network or carried in by a user. Either way, it tells me that patches weren’t applied and on-access anti-virus scanning was not running. Someone wasn’t following policy.

The final piece of information that was glossed over in the Register’s article is that the worm opens back doors on infected systems and contains spyware. Now, I’m sure the writers of the worm didn’t expect it to end up on a healthcare system, so they are probably not looking for Personally Identifiable Information (PII), but that information is still there and is likely accessed by the users of those systems. If a keylogger was installed, all of it is now “public” to the botnet’s operators. I think the hospitals will have a larger job in cleaning up after this and determining what the worm did with that information than they have now in getting the systems back up and running.

Recovering from an “attack” is not as simple as restoring the last known good configuration. You have to duplicate the drives, re-install the systems, and then restore data (and hope you have good, recent backups). If you want any chance of prosecuting the individual(s) responsible, duplicating the drives for forensic analysis is one of the most important steps, and it has to happen before anything is wiped. Until that’s done, these hospitals will be without computer systems.
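The "duplicate the drives before re-installing" step, as an added example that is not code from the original post: a sector-by-sector copy, hashed before and after so the copy can be shown to match, plus a custody log that lets the image be re-checked before analysis. It assumes POSIX sh with dd, sha256sum, date and mktemp; the "drive" is a constructed file, where on a real machine it would be the block device attached read-only.

```shell
#!/bin/sh
# Added example (not from the original post): image a drive, verify the copy,
# and record its hash so later tampering with the evidence copy is detectable.

# image_and_verify SRC IMG LOG: copy SRC sector-by-sector to IMG, hash both,
# append a custody record to LOG, and print OK or MISMATCH.
image_and_verify() {
    src=$1; img=$2; log=$3
    src_hash=$(sha256sum "$src" | cut -d' ' -f1)
    # noerror keeps going past unreadable sectors; sync pads them with zeros so
    # offsets in the image still line up with the source. Sizes must be sector
    # multiples, which holds for real devices and for the sample built below.
    dd if="$src" of="$img" bs=512 conv=noerror,sync 2>/dev/null || return 1
    img_hash=$(sha256sum "$img" | cut -d' ' -f1)
    printf '%s image=%s sha256=%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$img" "$img_hash" >> "$log"
    [ "$src_hash" = "$img_hash" ] && echo OK || echo MISMATCH
}

# check_image IMG LOG: re-hash an image and compare with the hash recorded at
# imaging time; print INTACT or TAMPERED.
check_image() {
    img=$1; log=$2
    recorded=$(grep -F "image=$img " "$log" | tail -n 1 | sed 's/.*sha256=//')
    current=$(sha256sum "$img" | cut -d' ' -f1)
    [ -n "$recorded" ] && [ "$recorded" = "$current" ] && echo INTACT || echo TAMPERED
}

# Constructed demonstration: a 1 MiB "drive" of 2048 random sectors.
demo() {
    work=$(mktemp -d)
    dd if=/dev/urandom of="$work/drive.bin" bs=512 count=2048 2>/dev/null
    image_and_verify "$work/drive.bin" "$work/drive.img" "$work/custody.log"
    check_image "$work/drive.img" "$work/custody.log"
    printf 'x' >> "$work/drive.img"   # simulate someone altering the image
    check_image "$work/drive.img" "$work/custody.log"
    rm -rf "$work"
}

demo
```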

7 thoughts on “Hospitals shutdown computer systems due to Mytob worm”

  1. Majida says:

    I wanted to comment and thank the author, good stuff

  2. Cierra says:

    I wanted to comment and thank the author, good stuff

  3. You made some good points there. I did a search on the topic and found most people will agree with your blog.

  4. Computer says:

    Is there a way to become a content writer for the site?

  5. Power 4 Home says:

    I like your style, the fact that your site is a little bit different makes it so interesting, I get fed up of seeing same-old-same-old all of the time. I’ve just stumbled this page for you 😀

  6. Epic site. I’m glad I wandered onto it through my friend’s blog. Gonna definitely need to add this one to the old bookmark list 😀

  7. Team Roster says:

    You could change the post title, Security Musings » Blog Archive » Hospitals shutdown computer systems due to Mytob worm, to something better for your webpage. I liked the writing nonetheless.
