PC virus forces three London hospitals into computer shutdown
Too used to the other sort
Three London Hospitals shut down their computer systems on Tuesday in response to a computer virus infection.
Infection by the Mytob worm sparked the emergency response, involving St Bartholomew's (Barts) the Royal London Hospital in Whitechapel and The London Chest Hospital in Bethnal Green. The three hospitals are members of the Barts and The London NHS Trust.
The Trust's website states that although operating theatres and outpatients departments remain operating as normal, ambulances are being diverted and "some non essential activities have been scaled back". Accident and emergency departments are open only to walk-in patients while technicians work to sort out the mess.
Doctors have resorted to pen and paper backup systems in some cases.
A computer virus has infected the Barts and The London computer system. The Trust’s well rehearsed emergency procedures have been activated to ensure that key clinical systems continue while network access is being established.
We have maintained a safe environment for our patients throughout the incident.
Manual backup systems are in use and we are in the process of restoring the computer systems with priority being given to the most important areas for maintaining patients services.
A spokesman for the Trust was unable to say when systems would be restored to normal.
It's very rare but not completely unprecedented for malware infections to disrupt the operation of hospitals. The case of a Seattle hospital infected with botnet clients is one of the few that, like Tuesday's London incident, have provoked the roll-out of an emergency response.
The infection at Barts and London Trust was reportedly caused by the Mytob worm, which contains built-in spyware functionality. Mytob spreads by email and has the ability to plant backdoor software on compromised Windows PCs.
Patients with concerns about their appointment are advised to contact the Trust on 0207 943 1335. ®
What did you expect? The Linux fanbois on here invariably show that they actually know bugger all about Windows in a corporate environment. This is why they don't realise why the lack of Linux equivalents to AD, group policy, SMS, integrated login to e.g. SQL Server and so on which are available for a Windows domain are (a) in many instances more than compensation for Windows' faults, which those of us who manage Windows systems are by nature even more aware of than they are, and (b) absolute show-stoppers for migration.
I've issued this challenge to the Linux community before on here. Please free me from Redmond. Write a NOS which can do what Windows domains do, including group policy. Write an open source equivalent for SMS which allows me to manage Linux desktops. And make it work without hours spent compiling binaries only to find I've created a new dependency. Give Linux the functionality of Windows _in a domain environment_ and we'll all save £££ by moving to it.
My suspicion is that these tools don't exist because they're antithetical to the Linux philosophy - Linux users don't _want_ and administrator hiding system tools, pushing software to them, configuring their database connections and so on, so they don't write the tools. But this is the indispensible backbone of a corporate network, and it is why Windows and AD dominate. Not because Windows sysadmins are twerps (the fanboi conclusion), but because there is no alternative.
Most informed comment of the thread.
The NHS and computing..
All these comments running rife about what NHS sysadmins should do, and why they all 'fail'.
Take into account:
1) Medical systems (not embedded clinical devices; just the ones you punch info into) are developed externally to the hospitals. These are almost invariably Windows based. So Windows must be brought in. Historically, most of the apps are windows only, so Windows is the primary OS in most hospitals.
2) Due to the nature of budgeting, and the fact that the whole place is clinically focussed, budget cuts tend to hit IT hard (HR get to make the cull, so don't choose their own, Finance hold the purse strings so they don't get hit, which leaves medical areas, where consultants complain, or IT. Oops).
3) When everything is not failing, hospitals tend to assume that all is good because it's not failing (or at least not inconveniencing enough people by the failures to really make an impact on them). If all is good, then IT is fully staffed or overstaffed (making IT a big budget cut target again).
4) You tend to find in a lot of places there are either 1, perhaps 2 sysadmins for a site. This site can be about 4-5000 people all in, with a couple of hundred different servers, including mail, database, firewall, application, web, mix of above, departmental oddities etc. Some of which IT run, some of which IT aren't allowed to touch.
5) There is no budget for the commercial tools for IDS/IPS, wider management, Database management etc. This means you're running on the 'out of the box' tools only.
6) Sysadmins are expected to meet vendors and approve/veto apps brought in (unless overriden by the departments when consultants complain), create security tools, create monitoring tools, administer servers, commission servers, handle daily maintenance, monitor servers, create reports, consult with users and departments about the way data can be used, perform and test backups on servers, develop, report, get called into meetings, fix minor issues, test and develop networks.. You get the picture. One or two people handling that level of work? It's a case of pick which of the list you want, the rest will fail. Except nobody will choose as it all needs to happen.
So, in overview, you have a very few, very overworked people in IT that are ignored largely when all works. When it fails, everyone seems to point that direction and call 'em muppets because they can't do everything with the very limited resources available, and call for sacking, which would result in the exact same number of people hired to do the job that the previous ones didn't have resource to do, and without knowledge of the systems there. Which would be a worse situation.
Solution? Fund the IT department properly. However, hospitals have limited funds (and the funds for any task are annually shrunk by 3% due to the governmentally imposed "yearly efficiency gains" rules). This means something else has to go. So do you take money from Facilites (which can end in air filters not getting cleaned, resulting in bacterial infections killing people, or not enough cleaners, results as previous), from Clinical (so people are even more rushed, resulting in more problems on the front line), or where?
Yes, there are solutions, but it really does mean more NHS funds. Which means a bigger tax burden to fund it (or less Gvt. pork spending elsewhere, but more likely a tax increase), and nobody wants a higher tax.
Reducing the targets culture would go a long way to freeing up money inside the NHS (as the amount of juggling that needs to be done in hospitals to meet these targets is horrendous). But that will mean longer waits, which irritate people.
Running tech is a fine balancing act between money, keeping users happy and keeping users secure. If any of that is wrong, the rest of it goes to pot very quickly.