It’s not especially controversial to say that if you don’t implement an effective patch management strategy and ensure your endpoints run up-to-date, enabled Antivirus, you’re sitting on a network security incident time bomb.
We all know and understand this, yet the IT press reports high-profile incidents on an almost daily basis. A review of an outbreak that affected three major London hospitals in 2008 concluded that the infection by the “Mytob” worm was “entirely avoidable”.
The infection, which affected Barts and the London NHS trust, “rapidly infiltrated” the trust’s 4,700 PC network resulting in a “very small number” of non-urgent operations being rescheduled. It seems that the Trust reacted well to the outbreak, and that “patient safety was not compromised at any time”, and at no point was confidential patient information put at risk.
The root of the issue, it would seem, was that although the Antivirus software was regularly updated, the updates did not reach all PCs. Additionally, the software was found to be incorrectly configured on some PCs, leaving a “back door for the virus to infiltrate the network”. The source of the virus was not made entirely clear, but it was said to have been “introduced accidentally” and without malicious intent.
The fact the incident was well handled by the Trust, and that at no point was the well-being or confidentiality of patients put at risk, reflects positively on the IT personnel involved in responding to the incident. The report highlighted the fact that the trust had “well-rehearsed emergency procedures” in place, and ensured that key clinical systems continued to function.
What can we learn from this? Firstly, don’t rely on a reactive approach to systems such as Antivirus and patching. A daily manual check of the Antivirus server’s console isn’t good enough anymore. Instead, we need to restrict a device’s network access the moment it has an issue.
Secondly, as highlighted by the above report, having a procedure in place for responding to incidents is critical. Instead of wasting crucial time planning how to react, the London NHS was able to respond immediately and ensure the continued smooth running of their organisation.
The report is available via the Barts and the London NHS Trust website (bartsandthelondon.nhs.uk).
Foursys Network Security Blog
03 March 2009