Tuesday, January 20, 2009

Conficker Infects Sheffield, UK Hospitals

Yesterday The Register reported that three out of ten Windows PCs are still not patched with MS08-067 against Win32/Conficker.B/Downadup infections. The story today, however, is more serious. More than 800 computers in the Sheffield Teaching Hospitals Trust are reported infected with Conficker.

It is bad enough when that number is home PCs but when the number includes a city's hospitals, the results are disastrous. How did the Sheffield Teaching Hospitals get infected? Microsoft automatic security updates were disabled during Christmas week after computers in an operating theater restarted during surgery. It did not take long after that. Conficker was detected on December 29.

From The Register:

"David Whitham, the Trust's informatics director, said in a statement: "We do not know how the virus entered the network but at around the same time as the virus became evident the automatic update process had been temporarily disabled following problems with a number of PCs in theatres.

"This decision was taken by the IT Change Advisory Board to prevent further disruption in theatres which could have affected patient care." No individual was responsible for the move, the Trust added."

I can certainly understand the gravity of a computer restarting in a hospital operating room during surgery. Turning off automatic updates for the entire city hospital system is certainly not the solution.

Apparently the hospital IT staff has never heard of the Group Policy Editor. I suggest they study Microsoft KB Article 307882, "How To Use the Group Policy Editor to Manage Local Computer Policy in Windows XP". If that is beyond their skill level, perhaps consider isolating the computers in the operating arenas and manually update those computers when surgical procedures are not scheduled.

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

No comments: