The Mytob worm attack on the Barts and the London NHS Trust network was “entirely avoidable”, an independent review has concluded.
Board papers published on the trust’s website indicate that although the trust had anti-virus protection “that was updated on a daily basis prior to the attack” this “did not reach all PCs” and was “configured incorrectly on some PCs” leaving a “back door” through which the virus could infiltrate the network.
Mytob struck on 17 November and rapidly infected the trust’s 4,700 PCs. Barts had to activate its major internal incident procedure to cope with the resulting disruption.
The review, conducted by a consultant recommended bythe London Programme for IT, says the incident “could have threatened the well-being of patients and the morale of staff, as well as the long-term reputation of the trust.”
That it didn’t do so “reflects positively on the ability of personnel in all parts of the trust to be reactive and flexible in rising to the very considerable challenges that were presented over the seven days of the incident,” the report says.
However, it concludes that the incident was “entirely avoidable” and the result of a “substantive failure of the trust’s information governance processes, especially those operational processes in the ICT domain.”
The publicly available board papers say it would compromise trust security to say exactly how the virus was introduced, although they say the infection was “accidental” rather than “malicious.”
They also say that an urgent programme of work is now underway to improve management systems and processes that will not be complete until April.
The Barts papers were published days after Sheffield Teaching Hospitals NHS Trust acknowledged that it had been hit by the Conficker B worm in December. The virus apparently struck after IT managers turned off anti-virus protection measures to tackle a problem with PCs supporting information in theatres.
Around 800 computers of the trust’s 7,000 computers were affected, and the trust is still clearing up “the last remnants” of the problem. A handful of patients had their appointments cancelled and immediately rebooked.
Conficker B has achieved some national notoriety, with newspapers reporting that it may have originated in the Ukraine as part of “computer warfare” between former Soviet states.
A number of NHS trusts and public sector organisations are also reported to have been affected. Microsoft provided a patch in October.