Conficker worm invades U.K. hospital IT network

The Conficker virus infected approximately 120 computers in healthcare facilities run by the Mid Cheshire Hospitals NHS Foundation Trust in the U.K., according to a statement issued by the trust on January 28.

Conficker is a computer worm that targets the Microsoft Windows operating system. First detected in November 2008, it uses flaws in Windows software to infiltrate equipment. Conficker potentially could allow its developers to control what is now estimated to be 7 million infected computer operating systems in more than 200 countries.

The Mid Cheshire Hospitals NHS Foundation Trust includes Leighton Hospital in Crewe and the Victoria Infirmary in Northwich and serves a population of 280,000 living in areas of Congleton, Crewe, Northwich, and Vale Royal.

Healthcare IT staff identified the infection on January 20 and noted that it had spread to approximately 9% of the trust's computers. No core clinical systems were affected, and the virus did not affect patient care or compromise the security of patient clinical information, according to hospital spokesperson Annie Harvey.

All trust IT equipment is protected with both antivirus software and an intrusion prevention system that monitors incoming and outgoing Internet traffic. Preliminary investigations indicate that the virus was introduced using a USB device, according to the statement.

Meanwhile, the Conficker virus remains alive and flourishing at hospitals and in at least 85 to 90 U.S. and international PACS sites, according to Rodney Joffe, senior vice president and senior technologist of NeuStar in Sterling, VA. Eleven of these are located in the state of Louisiana, Joffe said in a telephone interview with

Tracking the infections down has been made easier for some of the PACS sites. The PACS software of one PACS vendor has a unique identifier, and those specific sites could be told with certainty that their PACS was infected. Once notified, the majority of PACS sites identified as infested in the spring of 2009 were able to remediate the infection.

However, some hospitals and hospital enterprises have reported to the Conficker Working Group that they have been able to remediate the infection in most computers, but they have not been able to eliminate it entirely, Joffe said. Some hospital IT executives suspect that the resilient worm may reside in OEM equipment and medical devices controlled by their vendors.

The worm could reside in an innocuous computer in a hospital lounge made available for the use of visitors and isolated from the main hospital IT network, or it could be in an infusion pump or diagnostic imaging modality, Joffe said. Outside cybersecurity specialists are typically unable to tell where a worm resides in a healthcare computer network, but they're able to tell it's present because it transmits an outgoing signal at regular intervals that can be intercepted.

Joffe believes that this theory is a probable explanation for the worm's persistence. He also confirmed that USB drives were a known means of transmitting the computer virus.

By Cynthia E. Keen staff writer
January 29, 2010
