IE 11 is not supported. For an optimal experience visit our site on another browser.

Computer Worm Forces Hospitals to Turn Away Patients

/ Source: SecurityNewsDaily

A damaging, fast-spreading computer bug forced an Atlanta-area hospital system to shut its doors for nearly three days last week and divert ambulances to other facilities.

Gwinnett Medical Center's two campuses, in Lawrenceville and Duluth, Ga., were forced to declare "total diversion" status and turn away all but extreme trauma cases beginning Dec. 7, when the hospital's IT department detected malware on its network.

Gwinnett Medical Center spokeswoman Beth Okun told Atlanta's WSB-TV Channel 2 that the malware disabled computer connectivity within the two facilities, meaning staff had to run papers from station to station rather than sending them over the network. The bug hampered several departments, including radiology, pharmacy and labs.

Okun and local media reported the malware as a "virus," but it seems more likely that it was a worm, since a virus needs human intervention to replicate and would not have spread through an organization's entire computer system so quickly.

Okun said the malware affected connectivity only, and did not compromise medical records or affect patient care "in any way, shape or form." She said the hospital did not know how the malware got into the system.

Gwinnett Medical Center's network became stable again at 3 p.m. on Friday (Dec. 9), and began accepting patients the following day.

This is not the first time a computer bug has caused chaos in the medical field: Last month, a virus took out the automated in-vehicle response systems of a New Zealand ambulance company, leaving drivers in the dark about the emergency calls to which they were responding.

Sophos' Chet Wisniewski noted that hospitals and other medical facilities are caught between a rock and a hard place when it comes to computer security.

"Many medical devices now hook into hospital networks for monitoring, alerting, logging and reporting," he said in a blog posting. "These devices often run commodity operating systems (read: Windows) and the vendors prohibit applying patches to them. They will not guarantee the device will operate correctly if it is patched, leaving medical facilities in a very difficult position."