Zombie OS lurches through Royal Melbourne Hospital spreading virus
Windows XP shocker is 'willful negligence', OWASP boffin chimes.
The pathology wing of the Royal Melbourne Hospital in the Australian state of Victoria is suffering from an virus infection on its Windows XP PCs.
The hospital runs one of the southern state's largest networks and emergency departments.
Its blood bank has fallen back to manual processes for processing blood, tissue, and urine specimens according to an internal email obtained by Fairfax Media.
Critical results are being phoned in to wards.
A spokeswoman for the hospital said patient safety is its highest priority and says elective surgeries and outpatient appointments are unaffected.
Next to nothing is known about the virus infection. For instance it is unknown if the malware is part of a targeted attack, or a random infection along the lines of like Conficker which could easily wreak the kind of havoc the hospital is experiencing.
Still running XP in a clinical health setting? IMHO - wilful negligence. Windows 7 came out in 2009. #noexcusesJanuary 18, 2016
A possible hindrance to some malware is ironically the vast age of the XP systems which may not be supported on some modern complex modular malware.
The hospital will need to shell out thousands of dollars in custom Microsoft support contracts if it was to bother updating its archaic machines long cast off mainstream life support.
Security bods have told this reporter many hospitals are running the stone-age operating system and have nothing but luck to thank for their virus-free status.
Device control is known to be absent in other hospitals in the state. Staff can plug in their own USB sticks and phones, install software, and browse the web from kit connected to sensitive intranets.
The Register notes, however, that it's feasible the hospital has Windows XP in systems it doesn't control, such as diagnostic machines leased from a vendor. Such equipment may have its regulatory certification (for example, from the Food and Drug Administration) attached to a particular configuration. The Register has approached the Royal Melbourne Hospital for comment. ®
Sponsored: Global DDoS threat landscape report