That is pretty interesting. It would really be bad though if something like a life support machine was affected with a virus. Thanks for the read.
Considering that I have been working in a hospital for the past 2 weeks trying to help them recover from a virus that infected half of their computer systems...I will speak up here.
Most medical systems (life support, etc) are going to be separate from your typical e-mail/internet network that nurses/doctors use that become infected. There are some that have clients on regular computers and can be affected though. The major one that I have seen is an application that is used to track patient medication. That client requires fingerprint authentication and only works internally.
I really think the hospital I work at lacks common sense with it's IA and higher level management. They allow general logins (as opposed to individual) for computer access, full local admin rights for these general accounts and even USB flash drive access. As patient care has been moved more and more digitally, more strict security policies should be put in place. The issue is with the higher level management, they just aren't computer people. They are people with management degrees that are put in charge but have no real understanding of technology and how much it has advanced. Even the VP of IT is clueless. One of them recommended moving to Macs which would merely drive up considerable cost and not work properly on a Windows domain, not to mention the fact that the patient care software isn't designed for Macs.
I think the direct patient care systems should be completely secured from top to bottom. The AV solution they used (Trend Micro) should be replaced as it has failed them repeatedly. It cost them considerable money in the contractors like myself that they had to bring in for manpower. It cost them ability to do patient care effectively. We worked 24/7 with 12 hour shifts to try to contain the problem. They weren't even organized on a solution to resolve the issue - going from trying to clean the computers to re-imaging them instead. It was a catastrophe and showed just how poorly organized they were. They brought in non-technical volunteers and project coordinators to try to help - most of whom just got in the way.
Edited by JonM33, 06 September 2010 - 08:17 AM.