Slashdot Mirror

← Back to Stories (view on slashdot.org)

Computer Virus Attack Forces Hospitals To Cancel Operations, Shut Down Systems (zdnet.com)

Posted by msmash on from the virus-outbreak dept.

A hospital system in the United Kingdom has canceled all planned operations and diverted major trauma cases to neighboring facilities citing a computer virus outbreak. From a report on ZDNet: The Northern Lincolnshire and Goole NHS Foundation Trust says a "major incident" has been caused by a "computer virus" which infected its electronic systems on Sunday. As a result of the attack, the hospital has taken the decision to shut down the majority of its computer networks in order to combat the virus. "A virus infected our electronic systems [on Sunday] and we have taken the decision, following expert advice, to shut down the majority of our systems so we can isolate and destroy it," said Dr Karen Dunderdale, the trust's deputy chief executive. The use of a shared IT system also means the United Lincolnshire Hospitals Trust has been taken offline as staff attempt to combat the attack. As a result of the attack, all outpatient appointments and diagnostic procedures that were set to take place at the infected hospitals on Monday and Tuesday have been canceled, while medical emergencies involving major trauma and women in high-risk labor are being diverted to neighboring hospitals.

127 comments

  1. Did everyone suddenly forget....? by cayenne8 · · Score: 5, Insightful
    Did everyone suddenly forget how to use pen and paper for records?

    Do they not have paper they can write on till the computer system is back up and then retroactively enter the data in?

    Seriously, it wasn't that long ago that it was ALL paper records and charts....surely people can still write and notate on paper till the computer system comes up.

    If not, then we all SERIOUSLY need to reconsider having only electronic records for medical treatment, or a few hackers could really kill people...literally.

    --
    Light travels faster than sound. This is why some people appear bright until you hear them speak.........
    1. Re:Did everyone suddenly forget....? by unixisc · · Score: 1

      But they'd then have to issue several copies of the same records/data/requests to forward them to various departments of the hospital. People would be loathe to writing the same thing down several times, and I'm suspecting that they no longer use carbon paper. So using hand written instructions would be out of the question

    2. Re:Did everyone suddenly forget....? by SeaFox · · Score: 4, Funny

      But they'd then have to issue several copies of the same records/data/requests to forward them to various departments of the hospital. People would be loathe to writing the same thing down several times, and I'm suspecting that they no longer use carbon paper. So using hand written instructions would be out of the question

      If only there was some sort of machine that made a photo-perfect copy of the writing and illustrations on paper...

    3. Re:Did everyone suddenly forget....? by Anonymous Coward · · Score: 0

      It doesn't seem clear to me that the only systems affected were for record keeping but regardless, when treating patients you don't just create new records - you access existing ones. Losing access to a patient's past treatment history can easily invalidate any diagnosis - and potentially lead to a lot worse than that.

    4. Re:Did everyone suddenly forget....? by __aaclcg7560 · · Score: 1

      Many hospitals are going to a paperless document management system for storing records. The only people who might be using pen and paper are doctors with a prescription pad, which has to be scan into the system and transmitted to the pharmacy department..

    5. Re:Did everyone suddenly forget....? by Anonymous Coward · · Score: 1

      It's just like the army. If all their tanks and guns broke down you'd think some of them would know how to use spears.

    6. Re:Did everyone suddenly forget....? by Hognoxious · · Score: 1

      Did everyone suddenly forget how to use pen and paper for records?

      Not sure if they forgot how, but it seems someone forgot why they got rid of them in the first place. That's if "he" actually know in the first place.

      Do you think they kept a load of clerks waiting in the wings, just on the off-chance? After all, businesses have a tea-chest in the basement full of lever operated adding machines packed in grease don't they?

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
    7. Re:Did everyone suddenly forget....? by DarkOx · · Score: 4, Insightful

      Its one thing for your local Applebees to bust out the hand held check pad for the evening if the computers are down.

      The worst that happens is someone screws up and few meals have to get comped, maybe some supplies don't get reordered etc. As long as they get it mostly right things will be fine.

      Its different in a Hospital, mostly right is often not only not good enough but deadly. You don't want staff suddenly using a fall back procedure they have comparatively little training and practice with! If its an emergency and you have a triage situation because of a disaster that is one thing, but you would be foolish to do anything that is elective or can be safely postponed.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
    8. Re:Did everyone suddenly forget....? by laurencetux · · Score: 1

      swords Bows and Browning would be the order of the day

    9. Re:Did everyone suddenly forget....? by ColdWetDog · · Score: 4, Insightful

      While everyone has paper fall back systems in place, they're rarely, if ever, tested because you've then just given everyone double the work load for some period of time. Always a winner when it comes to employee satisfaction.

      Also, computers are increasingly used as decision support tools. Yes, you could, theoretically, put that logic flow down on paper. In fact, that would be a useful exercise to do so you could step through everything. No, people aren't going to go do that (see above).

      Especially in medicine, hospital systems are going to have to rethink their networks. It really can't be a standard Windows business-class 'works most of the time to some degree' type thing. It must be more along the line of a bank or Amazon - high availability, high security, fail over capability. You really shouldn't be able to, for example, hang around on Slashdot on the hospital network.

      Oh. Wait.

      --
      Faster! Faster! Faster would be better!
    10. Re:Did everyone suddenly forget....? by Anonymous Coward · · Score: 0

      >If not, then we all SERIOUSLY need to reconsider having only electronic records for medical treatment, or a few hackers could really kill people...literally

      My cynical self thinks the hospital system wouldn't shut down if the issue were only related to providing care for patients, but rather that it was more about being the hospital able to correctly bill the patients for visits, labs, and treatments that was threatened.

    11. Re: Did everyone suddenly forget....? by Anonymous Coward · · Score: 0

      Obamacare requires medicalbrecirds to be stored electronically. Im not sure if Uk has similar laws/rules in place.

    12. Re:Did everyone suddenly forget....? by Anonymous Coward · · Score: 0

      yep, its just like that. That's the perfect metaphor. Or it would be, if it dealt with cars instead of guns and tanks.

    13. Re:Did everyone suddenly forget....? by Jeremi · · Score: 1

      Did everyone suddenly forget how to use pen and paper for records?

      Not at all. Everyone forgot gradually, over the course of many years of always doing everything via computer.

      --


      I don't care if it's 90,000 hectares. That lake was not my doing.
    14. Re: Did everyone suddenly forget....? by Anonymous Coward · · Score: 0

      Even that's going digital. Last time I got a prescription (clinic in western Canada) the prescription itself was computer printed, the only pen ink was from the Doctor's signature.

    15. Re:Did everyone suddenly forget....? by Ungrounded+Lightning · · Score: 2

      Did everyone suddenly forget how to use pen and paper for records?

      Do they not have paper they can write on till the computer system is back up and then retroactively enter the data in?

      Paper and pen records started being replaced as far back as the '60 (when my father, an administrator in a major hospital, replaced hand-copying the patients' name and medical record number onto each form - using up more of the nurses' time than actually caring for the patient - with imprinting this info using a credit-card-style hospital card and a credit-card-bill imprinter).

      They take too much of the health-care professionals' time, leading to enormously increased cost, reduced and delayed treatment, and increased medical errors.

      Switching back to paper and pen records and tracking, on short notice, is NOT an option. When the computers are down, as with a major disaster emergency, patient history is no longer available and treatment must be done solely on currently-visible signs and symptoms. (So most patients are offloaded to sites where the I.T. equipment is still up.)

      --
      Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
    16. Re:Did everyone suddenly forget....? by Anonymous Coward · · Score: 0

      That does it.

      Of all stupid posts getting 5, insightful here, this one takes the first prize.

      If this was 1980, it would still be moronic.

      What now? Buy Windows and the backup kit, composed of paper, pencil and a eraser? (because you know people cannot forget old-style undo).

      Boy, this is below the idiocy level... and it gets 5, insightful.

      Slashdot, 2016.

    17. Re:Did everyone suddenly forget....? by Joe_Dragon · · Score: 1

      they don't have local copying turned on? Do you have to put coins in it?

    18. Re: Did everyone suddenly forget....? by BlytheBowman · · Score: 1

      So they don't keep a old style non network Xerox copier around, somewhere? Reading all of this I'm being reminded of the 2003 reboot of Battlestar Galactica

    19. Re:Did everyone suddenly forget....? by Anonymous Coward · · Score: 0

      Especially in medicine, hospital systems are going to have to rethink their networks. It really can't be a standard Windows business-class 'works most of the time to some degree' type thing. It must be more along the line of a bank or Amazon - high availability, high security, fail over capability.

      Hospital building codes are very different from ordinary office and apartment buildings. Hospital electronics and medical instruments are tested and certified in a very different way than a IoT light bulb or a kitchen knife. Perhaps computer systems and networks could residing in those buildings and performing a critical functions could also be tested and certified somehow. My head is just about blew up thinking about possibil

    20. Re:Did everyone suddenly forget....? by rtb61 · · Score: 1

      So basically next time there is a major solar flare that will impact the earth, hmm, everyone on that side of the planet in hospital basically dies, hmm, sounds like a plan.

      Reality is all essential services managed by government should maintain manual pen and paper systems as backup. Those pen and paper system put the computer systems in place and when computer systems and the cloud goes down in a catastrophe, what the fuck happens when there is no pen and paper system to get them back up again. You could imagine the bullshit. Crap send someone down to the stationers to get pens, papers and rulers, except now they are out of stock and oh look, they can not order any more.

      This stuff is crazy, at the supermarket today, computers went down, no problem I had cash but other people did not and well, bought nothing. Cashless society, what do you imagine will happen when the computers go down, which they will, guaranteed 100% they will fail (solar flare, major earthquake, major storm, stupid government false flag computer attack, some other stupid governments computer attack). How many hours before it all collapses, make it past the first 24 maybe, how about after 72 not so pretty outcome and any longer and people will start dying in significant numbers.

      --
      Chaos - everything, everywhere, everywhen
    21. Re: Did everyone suddenly forget....? by Anonymous Coward · · Score: 0

      We sure don't. Copiers that old mostly die, and are expensive to fix, and are leased. They've all been grandfathered out, replaced by digital copiers.

    22. Re:Did everyone suddenly forget....? by Anonymous Coward · · Score: 0

      Well, it can, but it needs to be solidly up to date: the rumour mill suggests that this Trust was on a fairly crappy setup (patchy AV, XP boxes, etc).

      For stuff like this we keep a Risk Register, because mitigating risks isn't free. I have a feeling the problem here lies in pushing the IT risk down that list compared to other stuff, and *that* is a Board-level mistake.

    23. Re: Did everyone suddenly forget....? by Anonymous Coward · · Score: 0

      The medical records are digitised. They wont operate unless a patients records can be accessed, and for good reason.

    24. Re:Did everyone suddenly forget....? by Aaden42 · · Score: 1

      They can write all they want until the system comes back up, but that doesn't give them access to patient history that's been taken electronically for years now. It's all well & good to write down what happened today & data enter it later.

      Today patient died because past drug allergy information was unavailable in offline computer system.

      Yeah... Not so good... Not undertaking non-emergent care (and diverting emergent care to another near-by facility) is by far the safest choice when medical history is unavailable.

    25. Re:Did everyone suddenly forget....? by __aaclcg7560 · · Score: 1

      So basically next time there is a major solar flare that will impact the earth, hmm, everyone on that side of the planet in hospital basically dies, hmm, sounds like a plan.

      The electrical grid in the US will probably go offline in a significant solar storm or EMP attack. Only military installations are hardened against such events. The utility companies are aware of this problem but they want the federal government to pick up the tab for upgrading the grid.

      How many hours before it all collapses, make it past the first 24 maybe, how about after 72 not so pretty outcome and any longer and people will start dying in significant numbers.

      Hurricane Katrina was a good example of that.

    26. Re:Did everyone suddenly forget....? by Anonymous Coward · · Score: 0

      This informative comment certainly deserves more than -1. The public moderation system was a good idea but Slashdot needs to get a mechanism in place to detect trolls and shills and prevent them from voting. I know there is no perfect mechanism yet, but at least try to do something.

    27. Re:Did everyone suddenly forget....? by rickb928 · · Score: 1

      Any competent hospital knows to have emergency processes ready to stand in in the event of a power outage, natural disaster, or even a labor action.

      I'm glad I don't do this work any more. Imagine having to explain to your business administrators that you need to firewall your internal departments from one another, that you cannot allow users to send or receive certain email content, that you must not permit sharing between certain critical functional units, that HIPAA in the US requires you to lock down data so severely you can't even email your own W-2 to yourself.That you need a secure messaging system to work with external users, so that they will need to log in, set a username/password, and tolerate decrypting messages through a cumbersome HTTPS connection.

      Bah. Humbug.

      --
      deleting the extra space after periods so i can stay relevant, yeah.
    28. Re:Did everyone suddenly forget....? by Grishnakh · · Score: 1

      Especially in medicine, hospital systems are going to have to rethink their networks. It really can't be a standard Windows business-class 'works most of the time to some degree' type thing.

      Exactly. They brought this on themselves by using Windows. The IT director should be fired.

    29. Re: Did everyone suddenly forget....? by Anonymous Coward · · Score: 0

      ...replaced by digital copiers.

      The ones that try to run ocr on the text instead of copying exactly whats on the page? Sometimes important numbers get changed.

    30. Re:Did everyone suddenly forget....? by The-Ixian · · Score: 1

      I would be willing to bet that the intrusion will be traced back to a phishing e-mail or some other social engineering tactic.

      If computers are so important, then computer training and procedures should be top priority.

      Clearly, they cannot fulfill their primary purpose without them, so why aren't people trained properly to use them?

      --
      My eyes reflect the stars and a smile lights up my face.
    31. Re:Did everyone suddenly forget....? by The-Ixian · · Score: 1

      Yeah, because we all know that Linux is immune to hacks, exploits and worms....

      Even if this was somehow a failing of Windows (which it most likely isn't), how far is an IT director going to get pushing an OS that is incompatible with the hospital's software applications (accounting systems, patient records, etc, etc)?

      Now, that isn't to say that there aren't grounds for this IT director's dismissal. It could turn out that they were negligent and weren't keeping up with updates or using security best practices.... but that is hardly the same thing as basing a dismissal on a software purchase.

      --
      My eyes reflect the stars and a smile lights up my face.
    32. Re:Did everyone suddenly forget....? by Anonymous Coward · · Score: 0

      Especially in medicine, hospital systems are going to have to rethink their networks. It really can't be a standard Windows business-class 'works most of the time to some degree' type thing. It must be more along the line of a bank or Amazon - high availability, high security, fail over capability. You really shouldn't be able to, for example, hang around on Slashdot on the hospital network.

      Pen Tester here. It will take more than "Rethinking? Just thinking would help. Let me tell you hospital networks are the WORSE networks around. Every time I get handed a project that is a hospital I know it will be a long night of serious pwnage. Flat networks, they never patch, old systems laying around and things like to Domain Admin password is you guess it "password". Also they never fix anything even after an EPIC FAIL on there test.

      It must be more along the line of a bank Banks are just as bad also. Your money is not in that big vault in the bank it is in a wet paper bag sitting on the front porch.

      You would think that these two industries would have the tightest security but in reality they have the worse overall. The reason? These networks are run by business administrators and not engineers. The business admins are more worried about their P&L statements and bonuses than the security of their network

      Yes you are safer security wise putting your CC data in an adult toy store site and with a bank. I'm serious.

    33. Re:Did everyone suddenly forget....? by Anonymous Coward · · Score: 0

      The Northern Lincolnshire and Goole NHS Foundation Trust highly likely uses M$oft software ....very much prone to infection (pun intended) . Linux or BSD would provide so much better protection against any virus.

    34. Re:Did everyone suddenly forget....? by Anonymous Coward · · Score: 0

      This is a standard procedure and isn't all that uncommon to use. "Go paper" was fairly common in the health system I worked at. Not just as an emergency procedure, but for any sort of potential issues where delays weren't worth the trouble to the patient. /Former hospital sysadmin who won't go back to healthcare

    35. Re:Did everyone suddenly forget....? by lsatenstein · · Score: 1

      Did everyone suddenly forget how to use pen and paper for records?

      Do they not have paper they can write on till the computer system is back up and then retroactively enter the data in?

      Seriously, it wasn't that long ago that it was ALL paper records and charts....surely people can still write and notate on paper till the computer system comes up.

      If not, then we all SERIOUSLY need to reconsider having only electronic records for medical treatment, or a few hackers could really kill people...literally.

      With automation, pen and pencil have disappeared. Recall, schools do not teach recursive writing. And the advantage of electronic systems is sharing. Two hospitals can share xrays, mri info etc.

      --
      Leslie Satenstein Montreal Quebec Canada
    36. Re:Did everyone suddenly forget....? by rtb61 · · Score: 1

      People tend to forget how durable manual systems are. The minds of people, pencil, paper and ruler and you can organise anything. All digital and a major failure becomes a completely unnecessary catastrophe, quite foolish.

      --
      Chaos - everything, everywhere, everywhen
    37. Re:Did everyone suddenly forget....? by Anonymous Coward · · Score: 0

      Unlikely. It's an NHS hospital, which is is Britspeak for Nanny Healthcare State. Wouldn't happen in a business subject to the the rigores of the market.
      --
      roman_mir

  2. And they say using Windows has never killed anyone by Anonymous Coward · · Score: 0

    Any deaths occur that be attributed the delays caused by this?

  3. Re:And they say using Windows has never killed any by unixisc · · Score: 1

    Where in the story did it say that the IT system in question was based on Windows?

  4. Maybe they shouldn't be using the largest... by mark-t · · Score: 5, Informative

    ... virus attack vector in the first place. While I realize that no OS is immune to viruses, it seems that switching to an OS that isn't as widely targeted should at least substantially reduce the likelihood they would be susceptible... and as most of the alternatives are a variant on Unix, usually have enough restrictions on what users are allowed to do that no one end-user with normal privileges can render the system unusable for anyone else.

    --
    File under 'M' for 'Manic ranting'
    1. Re:Maybe they shouldn't be using the largest... by markdavis · · Score: 1

      They don't say, but we all know it is an MS-Windows based system.... probably clients and servers.

    2. Re:Maybe they shouldn't be using the largest... by Anonymous Coward · · Score: 1

      They probably don't have a choice of OS. That is likely determined by their software vendor. (I'm guessing you don't work in health care; the choices are very limited.)

    3. Re:Maybe they shouldn't be using the largest... by haruchai · · Score: 0

      I worked in healthcare IT - it's not "limited choice", it's the same end-user laziness that keeps people on Windows.

      --
      Pain is merely failure leaving the body
    4. Re:Maybe they shouldn't be using the largest... by Anonymous Coward · · Score: 0

      With all the regulations, different equipment needing management and lockdown it's difficult to run a large dynamic organization without key core Microsoft services like Active Directory.

      In all likelyhood here are the causes, in probably order:
      Local Admin rights on systems
      Out of date Operating System (EOL or Missing patches)
      No web filtering, like a Websense product
      Unpatched other applications
      disabling of weblinks in emails.

      Good IT management practices in 2016 should eliminate most of these issues.

      Still, a Microsoft-centric server infrastructure (Active Directory) could be extended to support Unix clients using products like Centrify.

      It takes investments in IT to operate in the modern world, number crunchers, lawyers and and the CFOs are the barriers to security.

    5. Re:Maybe they shouldn't be using the largest... by phantomfive · · Score: 1

      They probably don't have a choice of OS. That is likely determined by their software vendor.

      That merely shifts the blame. The software vendor was foolish for choosing that OS. Collective foolishness is still foolishness.

      --
      "First they came for the slanderers and i said nothing."
    6. Re:Maybe they shouldn't be using the largest... by nuckfuts · · Score: 1

      It is so tedious hearing people trot out this rationale. If a majority of people switched to "a variant on Unix", it would then BECOME the "largest virus attack vector".

      And don't kid yourself that your OS of choice is intrinsically more secure simply because it's not Windows.

    7. Re:Maybe they shouldn't be using the largest... by guruevi · · Score: 3, Interesting

      I do work in the business, we run my department completely on Mac and Linux, not only that but we have almost no proprietary software. All of our core software is open source with only a few things like certain visualization software that isn't.

      The problem isn't choice, the problem is nobody cares that your hospital is a billion dollars over budget, government and insurance will pay for it. Another symptom is the "head count problem", a CIO is successful if it can reduce the amount of people working for it and as such it's liability.

      The reason everything is shifting to being outsourced is liability, if a contractor or a vendor screws up, the hospital doesn't have to notify anyone and the contracting company (a glorified shell company) in worst case can just change it's name or cease operations, even better if your local laws don't apply to the contractor. Either way, nobody is held responsible or embarrassed.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    8. Re:Maybe they shouldn't be using the largest... by Mashiki · · Score: 3, Informative

      Don't know what company you worked for, or who you were forced with. But I've done several big installations of new healthcare hardware and software(hospitals and dr's offices) . They all required Windows because the company that made the software, which was required to communicate with provincial offices for billing required a "common database" for communication. That's the way it was in 1999 in my first job doing it, and that's the way it was on the last healthcare job I did ~3 years ago. So depending on where you are, it can indeed be "limited choice" and you can enjoy all the fuckedupness that goes along with it.

      --
      Om, nomnomnom...
    9. Re:Maybe they shouldn't be using the largest... by Ichijo · · Score: 1

      But I've done several big installations of new healthcare hardware and software(hospitals and dr's offices) . They all required Windows

      An unpatched version of Windows, with local admin rights?

      --
      Any sufficiently unpopular but cohesive argument is indistinguishable from trolling.
    10. Re:Maybe they shouldn't be using the largest... by Anonymous Coward · · Score: 0

      :-)

      The vendor was Microsoft.

    11. Re:Maybe they shouldn't be using the largest... by Voyager529 · · Score: 4, Insightful

      They probably don't have a choice of OS. That is likely determined by their software vendor.

      That merely shifts the blame. The software vendor was foolish for choosing that OS. Collective foolishness is still foolishness.

      The problem isn't "the software vendor", it's "all the software vendors".

      EMR is more frequently than not a SaaS application like PointClickCare. Have Browser, Will Travel. This is the height of "cross platform awesomeness". It's also basically the end of the highlights.

      Prescription medication inventory and ordering software is a trainwreck, and even if that's ported to Linux, now you have to worry about some highly specific printers, some with MICR funcitonality, for which you'll need drivers.

      Then, let's get into all the different gadgets in a hospital, from MRI machines to EKG logging to weight distribution sensors to X-ray machines to chiropractic thermal sensors to sonogram machines to things I simply haven't spent enough time in a hospital to recall. A nontrivial amount of these machines cost a solid six figures or more and require dedicated training in their use...and all have a highly vertical software stack that even flows into downstream situations (doctors don't exactly get 3D MRI scans in PDF formats...), and yes, there's frequently DRM involved.

      There's also the billing office, which is the kind of place where drop-in replacement for the existing billing software *and* near-infinite accessibility of archived data is going to be a requirement. I wouldn't be surprised if more than a handful of hospitals are either still directly using an AS/400, or a frontend for one. To be fair, this is one place where a number of EMR vendors as well as separate cloud vendors have products, but incumbent data is going to be a major problem.

      Remember how I said it wasn't "the vendor"? I wasn't kidding - it's *all the vendors*. If a hospital is going to switch to Linux, everything above has to be compatible. Tell a hospital they need to replace their three year old, $4 million MRI machine because it's not Linux compatible, and see how far that gets you. Conversely, the software developers who write the custom software to run that MRI machine aren't going to reinvent the wheel because one hospital says "pretty please", and even if half of those vendors *did* revamp their software for Linux *and* they managed to avoid situations like one company only supporting Red Hat while another company only supports Ubuntu...you'll still need to have Windows around for the other half.

      Ultimately, it's a chicken-and-egg problem, because it requires far too much cooperation from far too many people at once to write some highly expensive software for a niche within a niche. Don't get me wrong, if Mark Shuttleworth wants to spend a billion or two to target a specific hospital and cover the bill to bootstrap the development of a fully HIPPA compliant Ubuntu software stack and ensure that there isn't a device, application, or workflow in that hospital that would require Windows, I'd be beyond thrilled. However, I'm not holding my breath on that.

    12. Re:Maybe they shouldn't be using the largest... by Anonymous Coward · · Score: 0

      Good management would have eliminated Windows as NOT FIT FOR PURPOSE.

    13. Re:Maybe they shouldn't be using the largest... by Anonymous Coward · · Score: 0

      Nope. Microsoft doesn't fix security failures; just shuffles them around. Then calls them a "feature"

    14. Re:Maybe they shouldn't be using the largest... by Anonymous Coward · · Score: 1

      That's certainly the case. Most vendors only have software which runs on Windows. While increasingly, some is becoming web accessible, the vendors are still often insisting on windows backends.

      Not only that, but some vendors simply don't want to test on multiple platforms. My hospital recently a year ago for an EMR system, and we got 1 single bid. We put in the tender document that the client software must work on Mac OS (via Safari) and linux (via firefox) as well as on Windows. However, as we got 1 bid only, the vendor simply put "supported client browsers: internet explorer 8 on windows 7"

      The other problem is that hospital IT departments in the UK often aren't great. They seem to be regarded as a sunk cost, and because salaries cannot be set by the employing hospital, they are set nationally according to strict guidelines, it is very difficult to get IT staff with a decent skill set. One of the hospitals near me recently advertised for a full-time developer with oracle, JavaEE experience and various other skills - the advertised salary $22k. I don't expect the quality of candidates for that job to be particularly great, or that IT department to be particularly well staffed.

      I certainly know that my IT department are stretched to the limit with many things. We recently purchased a X-ray image storage/viewing solution, including software and servers. The Software vendor provided a complete turnkey solution; they'd provide and manage the hardware and co-locate it on our site in our datacentre. When the vendor said they'd be providing HP servers and EMC SAN, I saw my CTO's face go white, "We only have staff with Dell and Compellant experience and training." "Don't worry. You'll just have to babysit, check cables, and hard reboot, if we can't reboot it with the remote management system" "Err. I don't know if my staff will be able to manage that."

    15. Re:Maybe they shouldn't be using the largest... by haruchai · · Score: 1

      "required a "common database" for communication"? In 1999? So Microsoft Access?

      --
      Pain is merely failure leaving the body
    16. Re:Maybe they shouldn't be using the largest... by mark-t · · Score: 1

      It's intrinsically more secure not because it's not windows, but because it's not built upon a paradigm where users without at least some system admin privileges can't do anything useful with the system.

      --
      File under 'M' for 'Manic ranting'
    17. Re: Maybe they shouldn't be using the largest... by Anonymous Coward · · Score: 0

      Variant of Unix running on a non-windows compatible mainframe should be fairly secure. Do you think they trust their payroll to Microsoft machines? No its running on a mainframe.

    18. Re: Maybe they shouldn't be using the largest... by Billly+Gates · · Score: 1

      Really so people still like using XP and IE 6 in 2016? Wow

      --
      http://saveie6.com/
    19. Re: Maybe they shouldn't be using the largest... by Billly+Gates · · Score: 1

      NIH still uses XP and IE 6.

      I thought they did still pay MS for custom patches

      --
      http://saveie6.com/
    20. Re:Maybe they shouldn't be using the largest... by Anonymous Coward · · Score: 2, Interesting

      Medical imaging uses a networking standard called Dicom. Some equipment are running Windows, other Linux, some review stations Mac Os, etc...

    21. Re:Maybe they shouldn't be using the largest... by Sperbels · · Score: 1

      And don't kid yourself that your OS of choice is intrinsically more secure simply because it's not Windows.

      If you don't see a problem with letting the common user have administrative permissions, then perhaps you're not the best judge of security. Windows has made some big improvements here, but it's still got some issues. Don't kid yourself into believing that rarity is the only reason why Linux is safer.

    22. Re: Maybe they shouldn't be using the largest... by ilguido · · Score: 1

      There are medical devices that are just some machine attached to a WinXP PC with a special software (Windows only). The same goes for industrial automation, there are industrial controllers made of a cheap SOC with Windows CE 5.0 (!) in 2016 (!!).

    23. Re:Maybe they shouldn't be using the largest... by Anonymous Coward · · Score: 0

      Largest vector = most popular OS = the one that is supported by the systems vendors. It's no good having a glorious, robust desktop setup if the users can't get their clinical software on it -- and the support there is "windows yes, hey we even support 7 now; mac maybe; linux lol what".

    24. Re:Maybe they shouldn't be using the largest... by houghi · · Score: 2

      Reminds me of when the "I Love Virus" hit our company and the rest of the world. Our IT department decided to close down the company. Meaning everybody, except IT staff had to leave the building and go home.
      What I did was launch the dualboot BeOS and others their Linux as we got a LOT of request from other companies regarding the virus.
      It took us all of 2 minutes to be operational again in some sort.

      We did the same when the authentication server went down and IT tried to blame it on the routers.

      So having more than 1 point of failure is somehow interesting.

      Let it be noted that my boss then told us that he had not seen us using any other OS besides Windows and that we should not mention it to him if we did and that he would understand if we forgot to tell him during these type of days. I have the slight impression that he knew and was just covering his ass, while protecting us. Just a hunch.

      --
      Don't fight for your country, if your country does not fight for you.
    25. Re: Maybe they shouldn't be using the largest... by Anonymous Coward · · Score: 0

      My local hospitals have been using Win 7 for about a year think - they'd not long changed last time I was in

    26. Re:Maybe they shouldn't be using the largest... by Grishnakh · · Score: 1

      This is total BS.

      First off, not everything has to run Linux. Go look at the software running on your infuser pump; it's not Windows, nor is it Linux, it's some RTOS. Anything else would be criminally negligent. Your MRI machine doesn't need to run Linux (though it'd be nice), you just have to be able to communicate with it. What needs to run on Linux is the main infrastructure, patient records, billing, etc. Some scanner or whatever doesn't matter; if your MRI machine catches a virus and goes down, that sucks for anyone who had an MRI scheduled, but the rest of the hospital can continue operations without it, and not have to worry about getting infected by it too.

      Finally, no hospital has "chiropractic thermal sensors", or chiropractic anything for that matter. Chiropractic isn't real medicine, it's bullshit, and you won't find it in a real hospital.

    27. Re:Maybe they shouldn't be using the largest... by tehcyder · · Score: 1

      If your business gives ordinary users administrative permissions and they accidentally the whole system that's not really Microsoft's fault.

      --
      To have a right to do a thing is not at all the same as to be right in doing it
    28. Re:Maybe they shouldn't be using the largest... by Anonymous Coward · · Score: 0

      Hi United Lincolnshire Hospitals Trust

      Someone just used your password to try to sign in to your Boogre Account ulht@bmail.com.

      Details:
              Saturday, 19 March, 8:34:30 UTC
              IP Address: 134.249.138.239
              Location: Elbonia

      Boogre stopped this sign-in attempt. You should change your password immediately.

      [ CHANGE PASSWORD ]

      Best,
      The Bmail Teem

      _______
      Hey, why not? It worked against Podesta!

    29. Re:Maybe they shouldn't be using the largest... by GNious · · Score: 1

      Only been exposed to one It system at a medical facility - it was a thin-client, unix based thing, with not a single windows machine in sight.
      It was also early 1990'ies, with dot-matrix printers and other goodies :)

    30. Re:Maybe they shouldn't be using the largest... by beastofburdon · · Score: 1

      Chiropractic isn't real medicine, it's bullshit, and you won't find it in a real hospital.

      The physical therapy department of every hospital large enough to have one would like to have a word with you.

    31. Re:Maybe they shouldn't be using the largest... by Grishnakh · · Score: 1

      Citation needed. Chiropractic is not physical therapy, it's an entirely different thing with different schools, and is not actual evidence-based medicine.

    32. Re:Maybe they shouldn't be using the largest... by beastofburdon · · Score: 1

      No, you need citation. Physical therapy uses chiropractic techniques all the time. Just because there are frauds that exist within a field does not mean that the field itself is a fraud, but apparently there are people out there far too stupid to grasp this concept.

    33. Re:Maybe they shouldn't be using the largest... by Grishnakh · · Score: 1

      The whole field is a fraud, since it all depends on the idea of "subluxations" which are mystical BS. But apparently people like you are too stupid to understand basic science.

      It doesn't help that most chiropractors buy into lots of other BS quack stuff like applied kinesiology, homeopathy, etc. But I guess morons like you believe in that stuff too, right?

    34. Re:Maybe they shouldn't be using the largest... by beastofburdon · · Score: 1

      I don't know what the fuck you are referring to as a chiropractor, but around here they manipulate the spine to relieve pressure on nerves and fix misalignment of vertebrae. I have not once seen a chiropractor who believes in the bullshit you are spouting off about. I suspect you are more than a just a bit on the delusional side.

    35. Re:Maybe they shouldn't be using the largest... by Grishnakh · · Score: 1

      You're completely clueless about the "science" behind the profession you promote. Try reading and getting educated:

      https://en.wikipedia.org/wiki/...

    36. Re:Maybe they shouldn't be using the largest... by beastofburdon · · Score: 1

      Wow, you're like a religious zealot waging a crusade against a profession you know nothing about. Well, at least I know where you are from now, because only a Brit could be that full of shit and still be that arrogant.

    37. Re:Maybe they shouldn't be using the largest... by Grishnakh · · Score: 1

      Wow, what a fucking moron you are. You call a well-researched Wikipedia article on the profession "religious zealotry"? Who's the religious one?

  5. Major incident caused by a "computer virus" by khz6955 · · Score: 4, Interesting

    What was the name of this "computer virus" and what was the name of the Operating System platform?

    1. Re:Major incident caused by a "computer virus" by Anonymous Coward · · Score: 0

      I work in hospital IT, I'm going to guess locky on windows.

    2. Re:Major incident caused by a "computer virus" by leathered · · Score: 4, Interesting

      From what I've heard it's a ransomware variant. The NHS is virtually all-Microsoft.

      I currently work in IT for an NHS trust. We've had several incidents involving ransomware encrypting files on shares but they've been contained and easily dealt with because 1) we have a highly granular file structure, users only have write access to shares and folders that is absolutely necessary and access is regularly audited. 2) a snapshotting file system which makes it a lot easier to recover files than restoring from tape. 3) by identifying the ownership of the encrypted files we can nail the culprit quickly and remove their access immediately to prevent further damage.

      Anti Virus has proven to be useless, the people who write this stuff are always one step ahead of the AV vendors.

      --
      For all intensive porpoises your a bunch of rediculous loosers
    3. Re:Major incident caused by a "computer virus" by Bongo · · Score: 1

      So was that trust hit somewhere critical, or was the shutdown just to stop it spreading?

    4. Re:Major incident caused by a "computer virus" by WallyL · · Score: 1

      What filesystem do you use? I would like to know what snap-shotting filesystem you use that serves Windows systems.

    5. Re:Major incident caused by a "computer virus" by Anonymous Coward · · Score: 0

      ZFS over Samba

  6. Re:And they say using Windows has never killed any by __aaclcg7560 · · Score: 1

    Where in the story did it say that the IT system in question was based on Windows?

    That's typically the case. Some of my best paying IT support contracts I've done are hospitals. Job security that pays well.

  7. IT Admin wanted... by dfsmith · · Score: 4, Informative

    They're currently posting an ad for an IT Admin (asset mgmt) at UKP 17k (~$20k/yr). Great advertising... any takers? http://jobs.nlg.nhs.uk/job/UK/...

    1. Re:IT Admin wanted... by ELCouz · · Score: 1

      wow IT workers are really working for pennies? Thank god I didn't follow my career into that!!!!

    2. Re:IT Admin wanted... by Anonymous Coward · · Score: 0

      No, because the salary isn't nearly low enough for IT.

    3. Re:IT Admin wanted... by Anonymous Coward · · Score: 0

      20K in a hospital environment is an insult to ones intelligence. If you go for that offer you are exactly the type of desperate moron they're looking for. No way I would take on such an important responsibility for less than $90K (depending on size of hospital and how many workstations). IT is the backbone of any modern corporation. Without IT your company is screwed. Maybe if you put another zero on the end they'll actually get some qualified bachelors candidates. Teenagers that work at Taco Bell will clear 20K. No wonder that hospital is in the news for having a virus meltdown.

    4. Re: IT Admin wanted... by Billly+Gates · · Score: 1

      Boy it seems we cannot find any qualified candidates!

      I wonder where we can find top talent at the given price point??!

      --
      http://saveie6.com/
  8. Black hat hackers kill by Anonymous Coward · · Score: 0

    Peoples lives get put in danger when they hack hospitals and call in swats to police. People can die or suffer because they're greedy for money. And the worst part is they probably actually don't care if people die as long as they get money. Its a similar attitude scammers and kidnappers have.

    1. Re:Black hat hackers kill by guruevi · · Score: 2

      Some people are criminals, what else is new? If only people weren't thieves, I wouldn't need locks on my door. Computer virus propagation on corporate networks is simple negligence, there is no reason after nearly 40 years of viruses that an entire system can be brought down with a simple criminal act.

      This is similar to someone cuttting the power or water supply to a hospital and for some reason we have thought about and funded all THOSE failure modes but lo and behold the magic computing devices, they have never been able to operate without a complicated desktop windowing system, a system that directly connects all of them to a bidirectional sewage system AND a skeleton key the entire world owns.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
  9. Betcha they still run Windows XP by Anonymous Coward · · Score: 0

    They could probably invest in upgrading if we could get tort reform and put the ambulance chasers out of business.

    1. Re:Betcha they still run Windows XP by Hognoxious · · Score: 1

      I'm not very good at geography. Tell me, which state are Lincolnshire and Goole in?

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
    2. Re:Betcha they still run Windows XP by BlueStrat · · Score: 5, Funny

      Tell me, which state are Lincolnshire and Goole in?

      Mostly solid, with some liquid and gaseous thrown in.

      Oh, and confusion and frustration as well.

      Such a sad state.

      Strat

      --
      Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
    3. Re: Betcha they still run Windows XP by Anonymous Coward · · Score: 0

      You win the Internets today, good sir !! :)

      If only I had mod points.

    4. Re:Betcha they still run Windows XP by hoofie · · Score: 3, Informative

      This is the UK. No patients are billed excepting for the occasional private room one and ambulance chasers for medical cases are very rare in the UK purely because even if they do win [Medical Negligence is not easy to prove in the UK and cases are dealt with by a judge only] the payout does not result in a huge legal payday. Speculative lawsuits in the UK are a non-starter.

    5. Re:Betcha they still run Windows XP by houghi · · Score: 1

      Reading this I had State of Independence by Jon Anderson and Vangelis in my head.

      --
      Don't fight for your country, if your country does not fight for you.
  10. Do all network based systems need the Internet? by Streetlight · · Score: 2

    I'm assuming the virus got into the hospital's record keeping data system through an Internet connection. This makes me wonder if every system in the hospital is connected to the public Internet, including life support systems such as ventilators, heart monitors, etc., and and other devices such as robotic surgery machines, analytical laboratory equipment, x-ray data analysis computers, and more. Every data storage and manipulation device does not need to be on the general public Internet. Imagine if a county's ICBM launch systems were connected to the public Internet. The mind boggles. Even if these many systems were not on the Internet, a black hat with access to a significant collection of important networked computers can still do damage. The Stuxnet compromise of the Iranian uranium enrichment centrifuges is a perfect example.

    --
    In a time of universal deceit, telling the truth is a revolutionary act. George Orwell
    1. Re:Do all network based systems need the Internet? by Anonymous Coward · · Score: 0

      Most of the devices are not connected directly to the internet, but many of them do need to upload their results to the hospital's intranet. While it's not explicitly spelled out, it appears that in this case a ransomware infected general-purpose computer has been given access to network drives on the intranet, corrupting the hospital's records. While probably none of the fancy equipment is infected - they tend to use client/server applications rather than direct network shares - much of the data that they rely on is no longer available.

      They can presumably restore the network shares from backup, but they'll just get re-encrypted unless they can identify and pull the infected computers off the network. If there were appropriate audit trails for modifying network shares, doing that would be straightforward, but everyone knows many organizations aren't exactly organized...

  11. Oh Great. by Fnord666 · · Score: 1

    Operation's been canceled? Guess it's time to break out the wire snippers.

    --
    'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
  12. Almost sounds like an actual virus attack by GuB-42 · · Score: 1

    Replace "computer virus" with "virus" and "network shut-down" with "quarantine" and you get a nice scenario just a few days late for Halloween.
    Maybe we could add a few zombies to spice things up.

  13. whoosh by Anonymous Coward · · Score: 0

    because it's not Windows.

    Nope, that's not it, not at all. The point is that an open source OS means you are not limited to single vendor support. "Competition" actually means something when you are able to take advantage of it.

  14. Rely on technology too much by Anonymous Coward · · Score: 1

    After a recent experience myself I can say for sure that hospitals are not prepared for a attack on their technology. For one, I don't think many working the devices know much about securing them. When they break or fail to work they just set them aside until someone comes from the company or service company. I saw a lot of internal systems running older Windows and probably not completely protected or updated. It's a ticking time bomb that nobody is addressing.

  15. Re:And they say using Windows has never killed any by Anonymous Coward · · Score: 0

    Besides being the ONLY operating system that is so susceptible to a virus attack:

    http://www.computerweekly.com/feature/Is-Microsoft-deal-best-medicine-for-NHS

  16. Re:And they say using Windows has never killed any by Anonymous Coward · · Score: 0

    Well, the keyword being "virus". Unless they use old Macintosh systems. Virus, usually implies Windows.

  17. Hospital virus by Anonymous Coward · · Score: 0

    Your story needs updating. Most systems back online. Check their websit

  18. Computer virus? Or Windows virus? by troublemaker_23 · · Score: 5, Interesting

    Why does ZDNet always hide the fact that Windows is the operating system involved when viruses, worms, malware, scumware, ransomware etc are involved?

    1. Re:Computer virus? Or Windows virus? by SeaFox · · Score: 1

      They aren't hiding it. They're just not mentioning it because it's not newsworthy.
      It would be like reporting that it rained and you're asking why they didn't say if it rained water.
      If it wasn't water, they would have made a big deal out of it.

    2. Re:Computer virus? Or Windows virus? by vandamme · · Score: 1

      "Man Bites Dog" is news. "Windows gets Malware" is not news.

  19. Pen & paper only works for very small Hospital by Anonymous Coward · · Score: 0
    Pen and Paper only works for very small Hospitals. One of the drivers for digitising patient records is availability - the moment that something is entered into the system, it is available to everyone involved in providing patient care. Back in the 'old days' when people relied on paper, Hospitals employed people whose job was to distribute the documents where needed, make copies, etc. Since Hospitals went digital these people were let go and Business processes adapted to take advantage of the new way of doing things.

    You have other changes as well. Consider that in many Hospitals they employ radiographers to review x-rays and MRI scans. These are now digital documents (film is for old people) and Hospitals can employ services from radiographers who telecommute rather than having to dedicate space on site. A major IT Security incident has the capacity to disrupt access to these digital studies, and 'going paper' is pointless.

    There is always the temptation for Hospitals to take the savings they make by going digital and investing them in clinical services, rather than 'hardening' their IT infrastructure to protect the delivery of safe and sustainable services..

    This is another example of what happens when the chickens come home to roost and crap on a specialists Bentley :-)

  20. Premeditated outcome? by Anonymous Coward · · Score: 0

    If this outcome was the intention of the virus creator/s then this is beyond black-hat, this is just sick. Even the black hats should be hunting the creator down and crucifying them.

  21. better software is needed by Joe_Dragon · · Score: 1

    they need to fix.

    apps that need local admin to run
    apps that have a fixed user login
    apps that don't run after os updates
    apps that only work with old IE vers
    apps must have a open link to a 3rd party outside vendor to work.

  22. pay for your own background check as well by Joe_Dragon · · Score: 1

    pay for your own background check as well.

    wow that is as bad as this one Data Center that after having a robbery wanted to pay a armed guard near mini wage with bring your own gun being a big plus.

  23. I wince every time I go to a medical facility. by Anomalous+Co-worker · · Score: 1

    Here in Hobart, Tasmania, I wince every time I go to a medical facility because many of them are still using PCs running Windows XP. I have yet to see one running a currently supported version of Windows. I expect an event like the one reported in the article any day now.

  24. Irony by Anonymous Coward · · Score: 0

    Oh the irony if the virus writter infects the hospital network thus shutting it all down etc on to have a hit-run accident and taken to the very same hospital and dies (if we are lucky) or is seriously injured and unable ti be treated due to the downed IT system. How we would laugh

  25. Network segregation by Anonymous Coward · · Score: 0

    There's no reason to have critical systems on the main network, connected to the internet. Software and vendors aside, a properly segmented network would limit the outbreak of a virus to non-critical systems.

    1. Re:Network segregation by Streetlight · · Score: 1

      I'm not sure there are non-critical systems in a hospital. Surely all the computers and their networks are critical in one way or another, including billing, employee attendance records and payroll or they wouldn't be there.

      --
      In a time of universal deceit, telling the truth is a revolutionary act. George Orwell
  26. This will not be fixed..... by wap3com · · Score: 1

    ...until the right person dies.
    I spent 20 years with 911/999/etc and that is the motto there also.

    So until some important lorrie/torrie/libdem/publican't loses a parent/spouse/child to hacking....it will not be fixed.

    Until then install VirtualBox and with a VM for SolydK.
    Been using for 3 years with not problems in auto-updates.
    Developers came from Debian.

  27. They found a virus by Anonymous Coward · · Score: 0

    at a Hospital. Who'da thunk?

  28. May that will teach the government by Anonymous Coward · · Score: 0

    not to weaken security and introduce backdoors.

  29. Economies of scale versus anti-fragility by eric_harris_76 · · Score: 1

    With increased size come economies of scale. Or at least,t he possibility of economies of scale.

    With increased size come outages or destruction which affect larger numbers of people. Or at least the possibility of such outages or destruction.

    Barings Bank comes to mind.

    So does Nassim Nicholas Taleb's anti-fragility.

    --
    There's no time like the present. Well, the past used to be.
  30. Yo dawg by Hognoxious · · Score: 1

    Recall, schools do not teach recursive writing.

    That's because if they taught recursive writing they'd have to teach recursive writing.

    --
    Confucius say, "Find worm in apple - bad. Find half a worm - worse."