NHS hit by a different sort of virus
Updated on 09 July 2009
A More4 News investigation finds that more than 8,000 dangerous viruses have infected NHS computers in the last financial year, with a significant number of cases impacting on patient care.
On 18 November 2008, a computer virus called the Mytob worm caused havoc in three major London hospitals when it spread so quickly that it overloaded computer networks.
At Barts, the Royal London and the London Chest Hospital, services were affected, including accessing blood tests, X-ray and patient administration.
But the same day, More4 News revealed that the trust could have avoided the incident if easily available security updates had been applied to their network months earlier.
This prompted More4 News to request information from every NHS trust in England to find out how many of their systems had allowed a computer virus to penetrate their network.
Seventy five per cent replied, revealing that more than 8,000 viruses got through security systems with 12 incidents affecting clinical departments and therefore impacting on patient care.
Some of these were contained, such as by West Middlesex Trust where a virus did not get further than a Dictaphone.
But others interfered with the work of staff, for example in Maidstone and Tunbridge Wells, where 100 users were locked out of their computer systems.
The trusts with infections also identified by More4 News include Grampian, Isle of Wight, Basingstoke & North Hampshire, Newcastle, Poole, Bradford Teaching Hospitals and Leeds Teaching Hospitals.
More4 News has also identified other major incidents in the past few months. In Sheffield, 800 PCs were infected after just one computer in an operating theatre had its anti-virus software switched off.
During March in Scotland, Greater Glasgow and Clyde NHS trust was struck by a particularly virulent computer virus called Conficker, which froze staff out of their computers for two days.
At the trust's Beatson cancer centre, 51 appointments or radiotherapy sessions were rescheduled and with cancer, any postponement in treatment could be critical.
One patient, Aileen Kirkwood, was staying in Glasgow, five hours away from her home in the Isle of Skye.
She told More4 News: “Some of the patients had obviously travelled a long distance. They were obviously a bit annoyed, but they were also angry.
"Some of them were quite upset because their treatment was cancelled, and they were told they'd have to go home. I believe that some of them didn't get their treatment the next day either.”
A number of trusts admitted in official reports and to More4 News that their networks were attacked because anti virus systems were turned off or not properly applied; The independent report into the incident at Barts and the Royal London concluded it was entirely avoidable.
Professor Ross Anderson of the University of Cambridge told More4 News: “Where you find infections of computers, it's very often symptomatic of poor management of IT, just as when you find infections with MRSA and C-difficile, that's a symptom of poor management of the hospital, of poor management of hygiene and such basic things as cleaning the floors.”
It is not just computer viruses causing hospitals to grind to a halt at a moments notice, although that has happened. It is not just test results lost and treatments being postponed, although More4 News has discovered that this has happened too. Patients' confidential data could be at grave risk of being lost or stolen by hackers.
The viruses that More4 News found have infected computers are also used by hackers to steal personal information.
What is worrying experts is that the government is midway through building a £13bn system which will link together the medical records of everyone in England.
The NHS told us that their new records system will have significantly higher levels of security than local NHS trusts have at the moment and that from this year strategic health authorities will be forced to regularly disclose when data is lost.
In a statement to More4 News, the NHS said: "Electronic patient records systems are protected by the highest levels of access controls and other security measures. These levels of security are far higher than any which can be imposed on access to paper records or the majority of local NHS IT solutions."
But we still will not know the full spread of computer virus infections across the country. So the urgent challenger now facing the NHS is to ensure that from now on computers are helping doctors rather than needlessly putting patients care at risk.