The worm has turned

No comments

news focus

Published: 04/09/2003, Volume II3, No. 5871 Page 12 13

Like any other business, the NHS suffers when powerful computer viruses attack. Jennifer Trueland examines how the service is protecting itself

It was 4.30pm exactly two weeks ago.Hoping to relax after a long day's interviewing, IT manager Brian Gracie had little idea that he was about to experience one of the most challenging nights of his working life.

Half an hour earlier the computer network at his trust, Yorkhill in Glasgow, had ground to a halt. Printers spewed out pages of meaningless information. Inboxes filled with unwanted mail, which then sought other addresses to bombard.Mr Gracie's reaction was, he admits, unsuitable for publication.

The trust, which runs Scotland's largest children's hospital, had fallen victim to the Nachi virus, which makes its way into computers before trying to attach itself to others in the network, putting an intolerable burden on the system. It was also hit by Sobig.F, which tries to send damaging computer programs via e-mail, causing devastation with the sheer amount of traffic, even if the systems remain uninfected.

'I had been in interviews all day, so my deputy had set things in motion, ' said Mr Gracie. 'We immediately switched to our back-up procedures.We still have fairly substantial paper records and, in any case, it was the end of the day so most outpatient clinics were finished.

'We worked all night and the system was back on again by 7.30am the next day.We have systems for planned downtime.

The difference was that this was unplanned, but it worked the same way.'

Yorkhill was not the only trust to suffer the consequences of what software protection experts are calling an unprecedented number of major virus attacks in the past fortnight.

Leeds Teaching Hospitals trust, the UK's largest hospital trust, suffered serious disruption from the Nachi virus. Around 1,000 computers across the trust's eight sites were directly affected, while the volume of traffic ensured that the system ground down to a snail's pace. So what can NHS bodies do to protect themselves from the fightback of the machines? It is difficult, when even the most expert are not immune to trouble.

The NHS Information Authority runs NHSnet, the internal network of the NHS in England. It was able to keep running despite the threat of assaults from the Blaster and Welchia worms and the Sobig.F virus. But the system certainly slowed down.

'Service performance and operation were maintained though the volume of wormgenerated traffic was responsible for degradation of traffic transit times, ' a spokesperson said. 'At the moment it is difficult to quantify the impact of Sobig.F on NHSnet, but it has certainly been one of the largest virus attacks known to date.'

The NHS Information Authority is better prepared than most to anticipate and deal with computer problems. It even operates a threat assessment centre, headed by virus expert David Harley, which deals with risks to NHS networking from virus and worm attacks.

As the threats from the latest attacks developed, NHSIA published information on its alerts page and advice on downloading protective software.

Nevertheless, some NHS organisations were penetrated. 'It is NHS policy [the code of connection] to require all sites to stay up-to-date in terms both of anti-virus definitions and of applying all relevant security patches to IT systems as they appear, or rather as soon as practicable afterwards, ' the NHSIA spokesperson added.

'However, some end sites do seem to have been vulnerable, and some machines were infected. Some sites had to detach themselves from NHSnet for a short while as they cleaned up and checked their systems.'

The NHS is sometimes portrayed as a somewhat Luddite organisation which prefers to rely on paper rather than computers (There is the true tale of one Scottish consultant who set an appraisal target of getting his own e-mail address by the end of 2002, for example).

But the threat of viruses and other breakdowns may halt any moves to an entirely computerised system. 'Fully computerised back-up would be prohibitively expensive, ' says Mr Gracie, which suggests that paper records will still have their place. But That is not the only challenge the NHS faces when trying to embrace the internet revolution.

'Budgets are an issue with the NHS, ' says a spokesperson for Sophos, an anti-virus organisation which protects some 100,000 NHS computers from attack - a 22 per cent market share.

'Budgets can mean that the NHS is running some much older systems which it can be difficult to provide protection for.We are able to offer protection and want people to know they can do something about it, even if their equipment is old.'

Sophos is looking to expand its market share and, from this week, is offering 'health checks' to NHS organisations to see how safe their systems are. Good timing. As the spokesperson says:

'We have had an unprecedented number of large viruses in the past weeks and That is left a lot of people worried.'

So is this a new dimension to hospital-acquired infections?

Certainly some NHS bodies are sounding a precautionary note.

For example, the NHS Scotland confidentiality and data protection website, operated by the Common Services Agency, carries the following disclaimer:

'Though files are virus checked these cannot guarantee that files are free from computer viruses and no warranty is given that files downloaded from the NHS Scotland data protection website are free from computer viruses.'

Yorkhill's Brian Gracie adds to this: 'I do not think There is anything we could have done differently to stop this happening. Protection is only as good as the last virus.'

No comments

It’s not the tech plan, but there’s a lot of tech in it

The worm has turned

No comments yet

Only registered users can comment on this article.

More from Home

HSJ introduces new rules for reader comments

Help accessing hsj.co.uk

Important changes to your HSJ password