Sidewinder on avoiding a serious Doh! moment…

Doctors are great at dealing with viruses. Sometimes the IT department can be overwhelmed by them. Davey Winder looks at the latest outbreak in the NHS – and reiterates his top tips for making sure it does not happen to you.
Homer Simpson is known for making the kind of mind-boggling mistakes that make you smile and grimace at the same time. However, for once, it is Bart who should be saying Doh! Not Bart Simpson, mind you, but Barts and London NHS Trust, which has been facing a self-confessed “major incident” following the infection of its networks by a virus.
As I write, a couple of days after ground zero, it is clear that three hospitals were impacted by the virus attack: St Bartholomew's in the City, the Royal London in Whitechapel and the London Chest Hospital in Bethnal Green.
Julian Nettel, the trust’s chief executive, says that by using “back-up systems, manual procedures and working flexibly, we have continued to provide high quality care to our patients."
Indeed, it seems that despite some serious initial disruption, which resulted in ambulances being diverted to other hospitals and access to many networks being severely limited, Barts has managed to roll out a well-rehearsed recovery plan.
In a prepared statement it says: “Operating theatres and outpatients departments have remained operational throughout the incident, though some non-essential activities have been scaled back. A&E remains open to walk-in patients…”
Ay Caramba!
Which is all good news. What’s more, it illustrates why IT security best practice emphasises not only protection but also incident response. Planning for a worst-case scenario can feel like admitting defeat before the battle has begun, but without both the recovery plan in place and, just as importantly, the dry runs to make sure it worked, the situation for Barts could have been much, much worse.
The trouble is, the problem should never have occurred in the first place. And here’s another worry. Two days after the breach, with the trust’s network slowly being brought back up to speed, a spokesperson was still telling the press that it was not known how the virus had penetrated the network in the first place.
Now, it is possible that the trust doesn’t want to make this information public for some good reason. But if so, it should say so. Because if you really do not know how a virus managed to breach your network defences, then you’re saying that you do not know how long your systems have been exposed, or whether anything else has compromised your systems or data.
These questions take on an even greater significance when you appreciate that the Barts and the London network had recently been upgraded to support the NHS Care Records Service.
Don’t be next…
Meantime, it is never too soon to look at your own anti-virus strategy and to audit your own security policy, to make sure that this cannot happen to you.
Perhaps the single most valuable piece of best practice advice that any enterprise can be given with regard to an anti-virus strategy is the old adage about eggs and baskets. I am not saying anti-virus applications are irrelevant - far from it. But anti-virus applications should be just one strand of a multi-layered approach to network security.
Alone, they cannot defend the fortress. Indeed, research suggests that even when protected by anti-virus applications, more than half of enterprises have suffered a malware infection. And, of course, the purpose of most malware is to distribute and install a virus.
Indeed, although it has yet to be confirmed, my contacts tell me that the Barts infection was most likely a case of the Mytob worm, which uses email as its delivery mechanism and plants data-stealing Trojans once installed. It’s therefore time, once again, to reiterate my anti-virus and network protection tips…
Top five anti-virus best practice tips
• Install anti-virus software on all laptops, desktops and servers and ensure anti-virus definitions are kept updated. But also protect your network with suitable endpoint security solutions.
• Use a consolidated email filtering system at the gateway to block incoming external attachments with .bat, .exe, .com, .pif and .scr extensions, which are common virus carriers. Automatically block files with double file-type extensions, another common virus trick.
• Patch, patch, patch. PS. Don't forget to patch!
• Educate your staff. Make sure they know the dangers of link-clicking, dodgy downloads etc. and the consequences of trying to circumvent your security measures.
• Audit every six months. There is no point doing any of this unless you check it works, and check it regularly.
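To make the second tip concrete, here is an added example (not code from the column or from any gateway product) of the attachment check a mail filter would apply: it parses a message with Python’s standard `email` library, rejects attachments whose final extension is on the .bat/.exe/.com/.pif/.scr list, and separately flags double extensions such as `invoice.pdf.exe`. The sample message is constructed inline, and the short allow-list of legitimate compound suffixes (`.tar.gz` and friends) is my own assumption about what a real deployment would need to avoid false positives.

```python
import email
import os
import re
from email.message import EmailMessage
from email.policy import default

# The attachment types the column says to block at the gateway.
BLOCKED_EXTENSIONS = {".bat", ".exe", ".com", ".pif", ".scr"}

# Letters-only suffix pairs such as ".pdf.exe" or ".txt.vbs"; numeric segments
# like "report.2009.csv" are deliberately not matched.
DOUBLE_EXTENSION = re.compile(r"\.[a-z]{2,5}\.[a-z]{2,5}$")

# Legitimate compound suffixes that would otherwise look like a double extension
# (assumed allow-list; extend it to match what your users actually send).
ALLOWED_COMPOUND = (".tar.gz", ".tar.bz2", ".tar.xz")


def attachment_verdict(filename: str):
    """Return None if the attachment name is acceptable, else the reason to block it."""
    name = filename.strip().lower()
    ext = os.path.splitext(name)[1]
    if ext in BLOCKED_EXTENSIONS:
        return f"blocked extension {ext}"
    if name.endswith(ALLOWED_COMPOUND):
        return None
    if DOUBLE_EXTENSION.search(name):
        return "double file extension"
    return None


def scan_message(raw: bytes):
    """Parse a raw RFC 822 message and list the attachments a gateway should reject."""
    msg = email.message_from_bytes(raw, policy=default)
    rejected = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or "<unnamed>"
        reason = attachment_verdict(filename)
        if reason:
            rejected.append((filename, reason))
    return rejected


def build_sample_message() -> bytes:
    """Constructed sample message (not a real capture) mixing safe and suspect attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please see the attached files.")
    samples = [
        ("report.pdf", "application", "pdf"),
        ("invoice.pdf.exe", "application", "octet-stream"),
        ("notes.txt.vbs", "application", "octet-stream"),
        ("backup.tar.gz", "application", "gzip"),
        ("update.scr", "application", "octet-stream"),
    ]
    for filename, maintype, subtype in samples:
        # Placeholder bytes: the filter looks only at the declared filename.
        msg.add_attachment(b"placeholder bytes", maintype=maintype,
                           subtype=subtype, filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, reason in scan_message(build_sample_message()):
        print(f"BLOCK {filename}: {reason}")
```

Run as written, it rejects `invoice.pdf.exe` and `update.scr` on extension and `notes.txt.vbs` as a double extension, while `report.pdf` and `backup.tar.gz` pass. Matching on the declared filename alone is exactly what the tip describes, and also its limit: a gateway should pair this with content inspection, because a renamed executable carries no blocked extension at all.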
About the author: Author, journalist and consultant Davey Winder has been writing about security issues for 16 years. In June, he won the Security Journalist of the Year 2008 award: the second time he has been given this honour in three years.