Poor anti-virus left ‘back door’ for hospital attack
Badly-configured and missing anti-virus leaves a major London hospital Trust embarrassed and with work to do to improve its IT.
The computer virus attack which infiltrated Barts and the London NHS Trust's 4,700-strong PC network last year was due to anti-virus not being implemented properly.
This was according to an independent review carried out by Tony Rowe, a specialist IT consultant recommended by the NHS London Programme for IT.
As well as calling the incident "entirely avoidable", the review also said that there was a "substantive failure" of the Trust's information governance processes - especially those within the ICT domain.
Although the Trust's virus protection was updated on a daily basis prior to the attack, it did not reach all PCs and was configured incorrectly on some PCs.
This left the "back door" which the Mytob' virus used to infiltrate the network. The investigation also revealed that the virus was introduced accidentally, with no malicious intent.
The report concluded: "This incident could have threatened the well-being of patients and the morale of staff, as well as the long-term reputation of the Trust."
However, the report had some praise for hospital staff, saying that the possibility of such a serious outcome did not turn into reality thanks to their flexible and reactive responses. Rowe said that it was a difficult and challenging incident for the hospital community.
Sign up today and you will receive a free copy of our Future Focus 2026 report - the leading resource for IT decision-maker insight on priorities and investment areas in AI, security and more.
An intensive programme of measures to improve management systems and processes is now due for completion by April, which will improve the Trust's protection and significantly reduce the risk of another attack.
-
AWS hits back at EU cloud 'gatekeeper' designation hintsNews Gatekeeper designation under the legislation would force AWS and Microsoft to make concessions
-
Is the Top500 meaningless? Not so, says US national laboratory CTOIn-depth LINPACK may measure only one process, but there are real and meaningful use cases for exascale systems