A computer virus has infected the Barts and The London computer system. The Trust’s well rehearsed emergency procedures have been activated to ensure that key clinical systems continue while network access is being established.

Way to sound like professionals, guys. So you have well rehearsed emergency procedures, do you?

How about robustly enforced security practices? If you had the latter then you would have had no need to invoke the former.

Just a few questions for you, in no particular order:

• What virus has infested your systems? Is it some esoteric new malware or is it old and well known? I'm guessing the latter.
  
  
• What was the transmission vector? Do you have network issues? Are people carrying around patient data (and malware) on USB memory keys?
  
  
• How many layers of security were breached or bypassed?
  
  
• Were affected systems fully up to date with patches to OS (Windows, at a guess) and related software products?
  
  
• Why do your users have privileges to install and/or run foreign code?
  
  
• Which systems are affected?
  
  
• What was the duration of service disruption?
  
  
• Has data been lost or compromised?
  
  
• Accepting your assertion that we have maintained a safe environment for our patients throughout the incident, how has service to patients been affected? We know that patient transport services at least have been hit.
  
  
• And finally, who will be sacked for failing to adhere to good security practices, still less best practice?

Category: Viruses and Worms
Technorati: Virus Barts The+London

Unable to post a comment? Please read this for a possible explanation...