Computer Virus Attack Forces Hospitals To Cancel Operations, Shut Down Systems

A hospital system in the United Kingdom has canceled all planned operations and diverted major trauma cases to neighboring facilities citing a computer virus outbreak. From a report on ZDNet: The Northern Lincolnshire and Goole NHS Foundation Trust says a "major incident" has been caused by a "computer virus" which infected its electronic systems on Sunday. As a result of the attack, the hospital has taken the decision to shut down the majority of its computer networks in order to combat the virus. "A virus infected our electronic systems [on Sunday] and we have taken the decision, following expert advice, to shut down the majority of our systems so we can isolate and destroy it," said Dr Karen Dunderdale, the trust's deputy chief executive. The use of a shared IT system also means the United Lincolnshire Hospitals Trust has been taken offline as staff attempt to combat the attack. As a result of the attack, all outpatient appointments and diagnostic procedures that were set to take place at the infected hospitals on Monday and Tuesday have been canceled, while medical emergencies involving major trauma and women in high-risk labor are being diverted to neighboring hospitals.

Did everyone suddenly forget....?

[cayenne8]

Did everyone suddenly forget how to use pen and paper for records?

Do they not have paper they can write on till the computer system is back up and then retroactively enter the data in?

Seriously, it wasn't that long ago that it was ALL paper records and charts....surely people can still write and notate on paper till the computer system comes up.

If not, then we all SERIOUSLY need to reconsider having only electronic records for medical treatment, or a few hackers could really kill people...literally.

Re:Did everyone suddenly forget....?

[SeaFox]

But they'd then have to issue several copies of the same records/data/requests to forward them to various departments of the hospital. People would be loathe to writing the same thing down several times, and I'm suspecting that they no longer use carbon paper. So using hand written instructions would be out of the question

If only there was some sort of machine that made a photo-perfect copy of the writing and illustrations on paper...

Re:Did everyone suddenly forget....?

[DarkOx]

Its one thing for your local Applebees to bust out the hand held check pad for the evening if the computers are down.

The worst that happens is someone screws up and few meals have to get comped, maybe some supplies don't get reordered etc. As long as they get it mostly right things will be fine.

Its different in a Hospital, mostly right is often not only not good enough but deadly. You don't want staff suddenly using a fall back procedure they have comparatively little training and practice with! If its an emergency and you have a triage situation because of a disaster that is one thing, but you would be foolish to do anything that is elective or can be safely postponed.

Re:Did everyone suddenly forget....?

[ColdWetDog]

While everyone has paper fall back systems in place, they're rarely, if ever, tested because you've then just given everyone double the work load for some period of time. Always a winner when it comes to employee satisfaction.

Also, computers are increasingly used as decision support tools. Yes, you could, theoretically, put that logic flow down on paper. In fact, that would be a useful exercise to do so you could step through everything. No, people aren't going to go do that (see above).

Especially in medicine, hospital systems are going to have to rethink their networks. It really can't be a standard Windows business-class 'works most of the time to some degree' type thing. It must be more along the line of a bank or Amazon - high availability, high security, fail over capability. You really shouldn't be able to, for example, hang around on Slashdot on the hospital network.

Oh. Wait.

Maybe they shouldn't be using the largest...

[mark-t]

... virus attack vector in the first place. While I realize that no OS is immune to viruses, it seems that switching to an OS that isn't as widely targeted should at least substantially reduce the likelihood they would be susceptible... and as most of the alternatives are a variant on Unix, usually have enough restrictions on what users are allowed to do that no one end-user with normal privileges can render the system unusable for anyone else.

Re:Maybe they shouldn't be using the largest...

[guruevi]

I do work in the business, we run my department completely on Mac and Linux, not only that but we have almost no proprietary software. All of our core software is open source with only a few things like certain visualization software that isn't.

The problem isn't choice, the problem is nobody cares that your hospital is a billion dollars over budget, government and insurance will pay for it. Another symptom is the "head count problem", a CIO is successful if it can reduce the amount of people working for it and as such it's liability.

The reason everything is shifting to being outsourced is liability, if a contractor or a vendor screws up, the hospital doesn't have to notify anyone and the contracting company (a glorified shell company) in worst case can just change it's name or cease operations, even better if your local laws don't apply to the contractor. Either way, nobody is held responsible or embarrassed.

Re:Maybe they shouldn't be using the largest...

[Mashiki]

Don't know what company you worked for, or who you were forced with. But I've done several big installations of new healthcare hardware and software(hospitals and dr's offices) . They all required Windows because the company that made the software, which was required to communicate with provincial offices for billing required a "common database" for communication. That's the way it was in 1999 in my first job doing it, and that's the way it was on the last healthcare job I did ~3 years ago. So depending on where you are, it can indeed be "limited choice" and you can enjoy all the fuckedupness that goes along with it.

Re:Maybe they shouldn't be using the largest...

[Voyager529]

They probably don't have a choice of OS. That is likely determined by their software vendor.

That merely shifts the blame. The software vendor was foolish for choosing that OS. Collective foolishness is still foolishness.

The problem isn't "the software vendor", it's "all the software vendors".

EMR is more frequently than not a SaaS application like PointClickCare. Have Browser, Will Travel. This is the height of "cross platform awesomeness". It's also basically the end of the highlights.

Prescription medication inventory and ordering software is a trainwreck, and even if that's ported to Linux, now you have to worry about some highly specific printers, some with MICR funcitonality, for which you'll need drivers.

Then, let's get into all the different gadgets in a hospital, from MRI machines to EKG logging to weight distribution sensors to X-ray machines to chiropractic thermal sensors to sonogram machines to things I simply haven't spent enough time in a hospital to recall. A nontrivial amount of these machines cost a solid six figures or more and require dedicated training in their use...and all have a highly vertical software stack that even flows into downstream situations (doctors don't exactly get 3D MRI scans in PDF formats...), and yes, there's frequently DRM involved.

There's also the billing office, which is the kind of place where drop-in replacement for the existing billing software *and* near-infinite accessibility of archived data is going to be a requirement. I wouldn't be surprised if more than a handful of hospitals are either still directly using an AS/400, or a frontend for one. To be fair, this is one place where a number of EMR vendors as well as separate cloud vendors have products, but incumbent data is going to be a major problem.

Remember how I said it wasn't "the vendor"? I wasn't kidding - it's *all the vendors*. If a hospital is going to switch to Linux, everything above has to be compatible. Tell a hospital they need to replace their three year old, $4 million MRI machine because it's not Linux compatible, and see how far that gets you. Conversely, the software developers who write the custom software to run that MRI machine aren't going to reinvent the wheel because one hospital says "pretty please", and even if half of those vendors *did* revamp their software for Linux *and* they managed to avoid situations like one company only supporting Red Hat while another company only supports Ubuntu...you'll still need to have Windows around for the other half.

Ultimately, it's a chicken-and-egg problem, because it requires far too much cooperation from far too many people at once to write some highly expensive software for a niche within a niche. Don't get me wrong, if Mark Shuttleworth wants to spend a billion or two to target a specific hospital and cover the bill to bootstrap the development of a fully HIPPA compliant Ubuntu software stack and ensure that there isn't a device, application, or workflow in that hospital that would require Windows, I'd be beyond thrilled. However, I'm not holding my breath on that.

Major incident caused by a "computer virus"

[khz6955]

What was the name of this "computer virus" and what was the name of the Operating System platform?

Re:Major incident caused by a "computer virus"

[leathered]

From what I've heard it's a ransomware variant. The NHS is virtually all-Microsoft.

I currently work in IT for an NHS trust. We've had several incidents involving ransomware encrypting files on shares but they've been contained and easily dealt with because 1) we have a highly granular file structure, users only have write access to shares and folders that is absolutely necessary and access is regularly audited. 2) a snapshotting file system which makes it a lot easier to recover files than restoring from tape. 3) by identifying the ownership of the encrypted files we can nail the culprit quickly and remove their access immediately to prevent further damage.

Anti Virus has proven to be useless, the people who write this stuff are always one step ahead of the AV vendors.

IT Admin wanted...

[dfsmith]

They're currently posting an ad for an IT Admin (asset mgmt) at UKP 17k (~$20k/yr). Great advertising... any takers? http://jobs.nlg.nhs.uk/job/UK/...

Re:Betcha they still run Windows XP

[BlueStrat]

Tell me, which state are Lincolnshire and Goole in?

Mostly solid, with some liquid and gaseous thrown in.

Oh, and confusion and frustration as well.

Such a sad state.

Strat

Computer virus? Or Windows virus?

[troublemaker_23]

Why does ZDNet always hide the fact that Windows is the operating system involved when viruses, worms, malware, scumware, ransomware etc are involved?

Re:Betcha they still run Windows XP

[hoofie]

This is the UK. No patients are billed excepting for the occasional private room one and ambulance chasers for medical cases are very rare in the UK purely because even if they do win [Medical Negligence is not easy to prove in the UK and cases are dealt with by a judge only] the payout does not result in a huge legal payday. Speculative lawsuits in the UK are a non-starter.