A review into how a computer virus was able to cripple a hospital's IT network has concluded the incident was 'entirely avoidable'.

Bart's and the London trust was forced to declare a major internal incident and divert ambulances when the Mytob virus worm spread across the system last November.

An independent review concluded there was a "substantive failure" of the trust's information governance processes, "especially those operational processes in the ICT domain", board papers reveal.

Anti-virus software was configured incorrectly on some PCs, leaving a "back door" for the virus to infiltrate the network, the report said.

Urgent measures

Since the infiltration, the trust has repaired anti-virus software across its 4,700-strong PC network to reduce its vulnerability to attack. These "urgent measures" are part of a wider improvement programme, due for completion in April.

The board minutes state this will "will improve the trust's protection and significantly reduce the risk of a future attack".